Encryption system and control method thereof

ABSTRACT

To provide a cryptographic system capable of flexibly changing decryption authorization and preventing the action of a third person impersonating a user having the decryption authorization to improperly utilize the system.
When an enciphered file is accepted in a client, a decryptor ID, a creator ID, and a first enciphered session key are transmitted to a key management server 10 (step 141). It is judged whether or not the creator ID is stored as a decryption object ID in a management database in correspondence with the decryptor ID (step 147). When the creator ID is stored, the first enciphered session key is deciphered with an inherent key corresponding to the creator ID in the management database (step 148), and the obtained session key is enciphered with a public key corresponding to the decryptor ID (step 149). A secret key is used in a client which has received a second enciphered session key so that deciphering processing is performed, to obtain a session key. Enciphered data is deciphered with the session key.

TECHNICAL FIELD

The present invention relates to a cryptographic system and a method of controlling the same.

BACKGROUND ART

In a cryptographic system that provides to a user processing for enciphering (encrypting) plaintext and processing for deciphering (decrypting) ciphertext using a computer, a particular user may, in some cases, be given authorization to decipher ciphertext (decryption authorization) created by another user. In this case, in such a manner that the other user merely distributes a key used for enciphering/deciphering processing to the particular user, the change in the contents of the authorization cannot be quickly coped with. Further, in a cryptographic system utilizing a network, measures to prevent the action of impersonating a user having decryption authorization to improperly decipher ciphertext created by another user are also required.

DISCLOSURE OF INVENTION

An object of the present invention is to provide a cryptographic system that makes it easy to change decryption authorization and makes it impossible for a person having no decryption authorization to easily impersonate a person having decryption authorization to improperly decipher ciphertext and a method of controlling the same.

A cryptographic system according to a first invention comprises a key management server and a client which are connected to each other through a network. The key management server comprises a management database for storing, with respect to each of users, an inherent ID, an inherent key, and an inherent public key which are inherent in the user, and a decryption object ID which is an inherent ID of a creator of an enciphered file decipherable by the user. The client comprises inherent data storing means for storing the inherent ID and an inherent secret key paired with the inherent public key, and session key generating means. The inherent data storing means may be a medium (e.g., a floppy disk) attachable or detachable to or from the client or a storage device (e.g., a hard disk) fixed to the client.

The client accepts the entry of plaintext data. As described later, the enciphered file created in the cryptographic system according to the first invention includes enciphered data obtained by enciphering the accepted plaintext data and has a data structure suitable for deciphering processing in the cryptographic system. The enciphered file is created in the following manner.

The client transmits to the key management server the inherent ID stored in the inherent data storing means when the plaintext data is accepted. The inherent ID is an ID which differs for each client, that is, for each user who utilizes the cryptographic system.

The management database in the key management server stores the inherent public key and the inherent key in correspondence with the inherent ID, as described above. The key management server receives the inherent ID transmitted from the client, and enciphers with the inherent public key stored in the management database in correspondence with the received inherent ID the inherent key stored in the management database in correspondence with the inherent ID, to generate an enciphered inherent key. The generated enciphered inherent key is transmitted to the client.

The client receives the enciphered inherent key. In the client which has received the enciphered inherent key, a session key is generated by the session key generating means, and the accepted plaintext data is enciphered with the generated session key, to create enciphered data. The enciphered inherent key transmitted from the key management server is deciphered with the inherent secret key stored in the inherent data storing means, to obtain an inherent key. The inherent secret key is an inherent secret key paired with the inherent public key used for enciphering the inherent key in the key management server. Accordingly, the enciphered inherent key obtained by the encryption with the inherent public key is deciphered with the inherent secret key (an inherent key is obtained). The pair of the inherent public key and the inherent secret key differs for each user who utilizes the cryptographic system.

In the client, the session key is enciphered with the obtained inherent key, to generate a first enciphered session key. The inherent ID stored in the inherent data storing means is used as a creator ID, to add the creator ID and the generated first enciphered session key to the enciphered data, to create an enciphered file. Thus, the enciphered file created in the cryptographic system according to the first invention has the creator ID and the first enciphered session key (obtained by enciphering the session key used for generating the enciphered data with an inherent key for the creator of the enciphered file) added to the enciphered data obtained by enciphering the plaintext data. The created enciphered file is stored in a storage device (a hard disk, a floppy disk, etc.) in the client used for creating the enciphered file or a storage device in another computer.

Processing for deciphering the enciphered file created in the above-mentioned manner is performed in the following manner.

The entry of the enciphered file is accepted in the client. When the enciphered file is accepted, the client uses the inherent ID stored in the inherent data storing means as a decryptor ID, to transmit to the key management server the decryptor ID, and the creator ID and the first enciphered session key in the accepted enciphered file.

The key management server judges whether or not the received creator ID is stored as the decryption object ID in the management database in correspondence with the decryptor ID transmitted from the client.

When it is judged that the received creator ID is stored as the decryption object ID in the management database, the first enciphered session key is deciphered with the inherent key stored in the management database in correspondence with the creator ID, to obtain a session key, and the obtained session key is enciphered with the inherent public key stored in the management database in correspondence with the decryptor ID, to generate a second enciphered session key.

In a case where a creator of an entered enciphered file is a deciphering person who will decipher the enciphered file (a case where an enciphered file is entered into a client in such a user) (which is a case where an enciphered file created by the user is deciphered by the same user himself or herself), the creator ID added to the enciphered file is the same as a decryptor ID. In a case where the creator of the entered enciphered file differs from the deciphering person who will decipher the enciphered file (a case where an enciphered file created by another user is deciphered), the creator ID differs from the decryptor ID. In either case, it is judged whether or not the enciphered file is allowed to be deciphered depending on whether or not the creator ID is stored (registered) as a decryption object ID in the management database in correspondence with the decryptor ID.

The first enciphered session key is obtained by enciphering the session key with the inherent key for the creator of the enciphered file. When the first enciphered session key is deciphered with the inherent key for the creator of the enciphered file, therefore, a session key is obtained. Further, the obtained session key is enciphered with an inherent public key for a deciphering person (decryptor) (this is a second enciphered session key). The second enciphered session key is transmitted to the client.

In the client, the second enciphered session key transmitted from the key management server is deciphered with the inherent secret key stored in the inherent data storing means, to obtain a session key, and the enciphered data in the accepted enciphered file is deciphered with the obtained session key, to obtain plaintext data.

According to the present invention, the decryption object ID is stored in correspondence with the inherent ID for each user in the management database in the key management server. Accordingly, determination on which user is given authorization to decipher the enciphered file created by a user and which user creates the enciphered file can be intensively managed in the key management server. In the key management server, the decryption authorization can be easily changed if the decryption object ID in the management database is added, replaced, or deleted.

Furthermore, according to the present invention, the key management server judges whether or not the user who will decipher the enciphered file has the decryption authorization every time the processing for deciphering the enciphered file is performed in the client. Every time the enciphered file is to be deciphered, it is judged whether or not the user who will decipher the enciphered file is a person who can decipher the enciphered file to be deciphered (whether or not the user has the decryption authorization). Therefore, a cryptographic system high in safety and reliability is constructed.

According to the present invention, the essential requirement for deciphering the enciphered file is that the second enciphered session key can be deciphered. The second enciphered session key can be deciphered by only a user who has the inherent secret key paired with the inherent public key used for generating the second enciphered session key. Even if an unauthorized third person (a person having no decryption authorization) obtains the enciphered file, and obtains the second enciphered session key using an inherent ID of the other person as a decryptor ID, the third person who does not have the inherent secret key paired with the inherent public key used for generating the second enciphered session key cannot obtain a session key from the second enciphered session key. The enciphered file (enciphered data) cannot be eventually deciphered. It is possible to prevent the action of impersonating a user having decryption authorization to improperly decipher the enciphered file.

In a preferred mode, the key management server transmits data indicating that decryption is impossible to the client when the received creator ID is not stored as the decryption object ID in the management database in correspondence with the received decryptor ID. The client which has received the data indicating that decryption is impossible terminates the processing without performing processing for deciphering the enciphered data. That is, the user having no decryption authorization cannot decipher the enciphered file. The presence or absence of the decryption authorization is judged in the key management server.
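
The first invention's create and decipher exchange, including the decryption object ID check, the "decryption is impossible" reply, a change of authorization, and the impersonation case described above, can be traced in the following added example (written for this page, not code from the patent). The ciphers are standard-library stand-ins chosen as assumptions (a SHA-256 keystream with an HMAC tag for symmetric enciphering, hashed ElGamal modulo 2^255 - 19 for the public key/secret key pair), and the user IDs alice, bob and mallory and all function names are hypothetical.

```python
import hashlib, hmac, secrets

# Stand-in primitives (assumptions, standard library only; not the patent's ciphers).
P, G = 2**255 - 19, 2                      # prime modulus and base for hashed ElGamal

def _stream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(b"enc" + key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def sym_enc(key, data):
    """Symmetric encipher: keystream XOR, then an HMAC tag over nonce and body."""
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def sym_dec(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body))))

def keypair():
    sk = secrets.randbelow(P - 3) + 2      # inherent secret key
    return sk, pow(G, sk, P)               # (secret, inherent public key)

def pk_enc(pub, data):
    eph = secrets.randbelow(P - 3) + 2
    shared = hashlib.sha256(pow(pub, eph, P).to_bytes(32, "big")).digest()
    return pow(G, eph, P).to_bytes(32, "big") + sym_enc(shared, data)

def pk_dec(sk, blob):
    shared = pow(int.from_bytes(blob[:32], "big"), sk, P)
    return sym_dec(hashlib.sha256(shared.to_bytes(32, "big")).digest(), blob[32:])

class KeyManagementServer:
    def __init__(self):
        self.db = {}   # inherent ID -> inherent key, inherent public key, decryption object IDs

    def register(self, uid, pub, objects):
        self.db[uid] = {"key": secrets.token_bytes(32), "pub": pub, "objects": set(objects)}

    def enciphered_inherent_key(self, uid):
        rec = self.db[uid]
        return pk_enc(rec["pub"], rec["key"])

    def rewrap(self, decryptor_id, creator_id, first_esk):
        dec = self.db.get(decryptor_id)
        if dec is None or creator_id not in self.db or creator_id not in dec["objects"]:
            return None                                   # "decryption is impossible"
        session_key = sym_dec(self.db[creator_id]["key"], first_esk)
        return pk_enc(dec["pub"], session_key)            # second enciphered session key

class Client:
    def __init__(self, uid, server, objects):
        self.uid, self.server = uid, server
        self.sk, pub = keypair()                          # secret key never leaves the client
        server.register(uid, pub, objects)

    def create_file(self, plaintext):
        inherent_key = pk_dec(self.sk, self.server.enciphered_inherent_key(self.uid))
        session_key = secrets.token_bytes(32)
        return {"creator_id": self.uid,
                "first_esk": sym_enc(inherent_key, session_key),
                "data": sym_enc(session_key, plaintext)}

    def open_file(self, f, claimed_id=None):
        # claimed_id models a client that sends another user's ID as the decryptor ID
        second = self.server.rewrap(claimed_id or self.uid, f["creator_id"], f["first_esk"])
        if second is None:
            return None                                   # terminate without deciphering
        return sym_dec(pk_dec(self.sk, second), f["data"])

def demo():
    srv = KeyManagementServer()
    alice = Client("alice", srv, {"alice"})
    bob = Client("bob", srv, {"bob", "alice"})            # bob may decipher alice's files
    mallory = Client("mallory", srv, {"mallory"})
    f = alice.create_file(b"quarterly report")            # constructed sample plaintext
    out = {"alice": alice.open_file(f), "bob": bob.open_file(f),
           "mallory": mallory.open_file(f)}
    try:                                                  # mallory claims to be bob
        mallory.open_file(f, claimed_id="bob")
        out["impersonation"] = "recovered"
    except ValueError:
        out["impersonation"] = "failed"
    srv.db["bob"]["objects"].discard("alice")             # authorization changed on the server only
    out["bob_after_revoke"] = bob.open_file(f)
    return out

if __name__ == "__main__":
    print(demo())
```

Removing alice from bob's decryption object IDs takes effect on the next request without touching the enciphered file, because the file only ever carries the session key wrapped under the creator's inherent key.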

In still another mode, the client comprises first public key/secret key generating means, a pair of an inherent public key and an inherent secret key is generated by the first public key/secret key generating means, the generated inherent secret key is stored in the inherent data storing means, and the generated inherent public key and the inherent ID stored in the inherent data storing means are transmitted to the key management server. The key management server which has received the inherent public key and the inherent ID stores the received inherent public key in the management database in correspondence with the received inherent ID. That is, the inherent public key out of the inherent public key and the inherent secret key which are generated by the first public key/secret key generating means in the client is managed in the management database in the key management server. The inherent public key, together with the inherent ID, is transmitted to the key management server. Even if a lot of clients (users who utilize the cryptographic system) are included in the cryptographic system, therefore, the inherent public key can be managed for each inherent ID (for each user) in the management database. The inherent secret key is generated in the client, and is stored in the inherent data storing means in the client. Accordingly, the possibility that the inherent secret key leaks is low.

In still another mode, the key management server comprises second public key/secret key generating means, a pair of a common public key and a common secret key is generated by the second public key/secret key generating means, and the common public key is transmitted (distributed) to the client. The client comprises first public key/secret key generating means, a pair of an inherent public key and an inherent secret key is generated by the first public key/secret key generating means, and the generated inherent secret key is stored in the inherent data storing means. The client which has received the common public key enciphers the inherent public key with the received common public key, to generate an enciphered inherent public key, and transmits to the key management server the generated enciphered inherent public key and the inherent ID stored in the inherent data storing means. The key management server which has received the enciphered inherent public key and the inherent ID deciphers the enciphered inherent public key with the common secret key, to obtain an inherent public key, and stores the obtained inherent public key in the management database in correspondence with the received inherent ID. The inherent public key for each user which is generated in the client and is stored in the management database in the key management server is transmitted in an enciphered state to the key management server from the client, thereby making it possible to prevent the inherent public key from leaking. The pair of the common public key which is generated in the key management server and is transmitted to the client and the common secret key may be the same for all clients, or may differ for each client.

A cryptographic system according to a second invention comprises a key management server and a client which are connected to each other through a network. The key management server comprises a management database for storing, with respect to each of users, an inherent ID, an inherent key, and an inherent public key which are inherent in the user, and a decryption object ID which is an inherent ID of a creator of an enciphered file decipherable by the user. The client comprises inherent data storing means for storing the inherent ID and an inherent secret key paired with the inherent public key, and session key generating means.

The client accepts the entry of plaintext data or an enciphered file.

When the plaintext data is accepted, a session key is generated by the session key generating means, and the entered plaintext data is enciphered with the generated session key, to create enciphered data. Further, the session key is enciphered with the inherent secret key stored in the inherent data storing means, to generate a first enciphered session key. The inherent ID stored in the inherent data storing means is used as a creator ID, to transmit to the key management server the creator ID and the generated first enciphered session key.

In the key management server, the first enciphered session key transmitted from the client is deciphered with the inherent public key stored in the management database in correspondence with the creator ID, to obtain a session key, and the obtained session key is enciphered with the inherent key stored in the management database in correspondence with the creator ID, to generate a second enciphered session key. The generated second enciphered session key is transmitted to the client.

In the client, the creator ID stored in the inherent data storing means and the second enciphered session key transmitted from the key management server are added to the enciphered data, to create an enciphered file. Thus, the enciphered file created in the cryptographic system in the second invention has the creator ID and the second enciphered session key (obtained by enciphering the session key used for generating the enciphered data with an inherent key for the creator of the enciphered file) added to the enciphered data obtained by enciphering the plaintext data.

Processing for deciphering the enciphered file created in the above-mentioned manner is performed in the following manner.

When the enciphered file is accepted in the client, the client uses the inherent ID stored in the inherent data storing means as a decryptor ID, to transmit to the key management server the decryptor ID, and the creator ID and the second enciphered session key in the accepted enciphered file.

The key management server judges whether or not the received creator ID is stored as a decryption object ID in the management database in correspondence with the decryptor ID transmitted from the client. When the creator ID is stored as the decryption object ID in the management database, the second enciphered session key is deciphered with the inherent key stored in the management database in correspondence with the creator ID, to obtain a session key, and the obtained session key is enciphered with the inherent public key stored in the management database in correspondence with the decryptor ID, to generate a third enciphered session key. The generated third enciphered session key is transmitted to the client.

In the client, the third enciphered session key transmitted from the key management server is deciphered with the inherent secret key stored in the inherent data storing means, to obtain a session key, and the enciphered data in the accepted enciphered file is deciphered with the obtained session key, to obtain plaintext data.

In the cryptographic system according to the second invention, in both the processing for creating the enciphered file and the processing for deciphering the enciphered file, the inherent key for each user stored in the management database in the key management server and the enciphered inherent key obtained by enciphering the inherent key are not transmitted and received between the key management server and the client. Therefore, the secrecy of the inherent key is significantly high. Also in the second invention, the decryption object ID is stored in correspondence with the inherent ID for each user in the management database in the key management server. Accordingly, determination on which user is given authorization to decipher the enciphered file created by a user and which user creates the enciphered file can be intensively managed in the key management server. Further, the essential requirement for deciphering the enciphered file is that the third enciphered session key can be deciphered. The third enciphered session key can be deciphered by only a user having the inherent secret key paired with the inherent public key used for generating the third enciphered session key. Therefore, it is possible to prevent the action of impersonating a user having decryption authorization to improperly decipher the enciphered file.

In one mode, the key management server enciphers, in the step of processing for creating the enciphered file, the generated second enciphered session key with the inherent public key stored in the management database in correspondence with the creator ID, to generate an enciphered second enciphered session key, and transmits the generated enciphered second enciphered session key to the client. The client which has received the enciphered second enciphered session key deciphers the received enciphered second enciphered session key with the inherent secret key stored in the inherent data storing means, to obtain a second enciphered session key. Since the second enciphered session key transmitted to the client from the key management server is transmitted in an enciphered state, the safety of the second enciphered session key is enhanced.

In another mode, the client enciphers, in the step of processing for deciphering the enciphered file, the creator ID and the second enciphered session key in the enciphered file with the inherent secret key stored in the inherent data storing means, to generate an enciphered parameter, and transmits to the key management server the decryptor ID and the generated enciphered parameter. The key management server which has received the decryptor ID and the enciphered parameter deciphers the received enciphered parameter with the inherent public key stored in the management database in correspondence with the received decryptor ID, to obtain the creator ID and the second enciphered session key. Since the second enciphered session key transmitted to the key management server from the client is transmitted in an enciphered state, the safety of the second enciphered session key is enhanced.

In a cryptographic system according to a third invention, a key management server comprises a management database for storing, with respect to each of users, an inherent ID, an inherent key, and an inherent public key which are inherent in the user, and a decryption object ID which is an inherent ID of a creator of an enciphered file decipherable by the user, and common key storing means for storing a pair of a common public key and a common secret key. A client comprises inherent data storing means for storing the inherent ID and an inherent secret key paired with the inherent public key, common public key storing means for storing the common public key, and session key generating means.

The client accepts the entry of plaintext data, generates, when the plaintext data is accepted, a session key by the session key generating means, and enciphers the entered plaintext data with the generated session key, to create enciphered data. The session key is enciphered with the common public key stored in the common public key storing means, to generate a first enciphered session key, and the inherent ID stored in the inherent data storing means is used as a creator ID, to transmit to the key management server the creator ID and the generated first enciphered session key.

The key management server deciphers the first enciphered session key transmitted from the client with the common secret key stored in the common key storing means, to obtain a session key, enciphers the obtained session key with the inherent key stored in the management database in correspondence with the creator ID, to generate a second enciphered session key, and transmits the generated second enciphered session key to the client.

The client adds to the enciphered data the creator ID stored in the inherent data storing means and the second enciphered session key transmitted from the key management server, to create an enciphered file.

When the enciphered file created in the above-mentioned manner is accepted, the client uses the inherent ID stored in the inherent data storing means as a decryptor ID, to transmit to the key management server the decryptor ID, and the creator ID and the second enciphered session key in the accepted enciphered file.

The key management server judges whether or not the received creator ID is stored as a decryption object ID in the management database in correspondence with the decryptor ID transmitted from the client. When the creator ID is stored as the decryption object ID in the management database, the second enciphered session key is deciphered with the inherent key stored in the management database in correspondence with the creator ID, to obtain a session key, the obtained session key is enciphered with the inherent public key stored in the management database in correspondence with the decryptor ID, to generate a third enciphered session key, and the generated third enciphered session key is transmitted to the client.

The client deciphers the third enciphered session key transmitted from the key management server with the inherent secret key stored in the inherent data storing means, to obtain a session key, and deciphers the enciphered data in the accepted enciphered file with the obtained session key, to obtain plaintext data.

In the cryptographic system according to the third invention, the session key is enciphered with the common public key in the client, to generate the first enciphered session key, and the common secret key is used in the key management server so that the first enciphered session key is deciphered, to obtain the session key. Also in the cryptographic system according to the third invention, the secrecy of the inherent key is high, and authorization to decipher the enciphered file can be intensively managed in the key management server, as in the cryptographic system according to the second invention. Further, it is possible to prevent the action of a person having no decryption authorization impersonating a user having decryption authorization to improperly decipher the enciphered file.

A cryptographic system according to a fourth invention comprises a key management server and a client which are connected to each other through a network. The key management server comprises a first management database for storing, with respect to each of users, an inherent ID and an inherent public key which are inherent in the user, and a group ID of a group to which the user belongs, and a second management database for storing, with respect to each of groups, a group ID and a group key which are inherent in the group. The client comprises inherent data storing means for storing the inherent ID and an inherent secret key paired with the inherent public key, and session key generating means. Of course, the first management database and the second management database can be constructed as one management database.

The client accepts the entry of plaintext data, generates a session key by the session key generating means, enciphers the entered plaintext data with the generated session key, to create enciphered data. The session key is enciphered with the inherent secret key stored in the inherent data storing means, to generate a first enciphered session key, and the inherent ID stored in the inherent data storing means is used as a creator ID, to transmit to the key management server the creator ID and the generated first enciphered session key.

The key management server deciphers the first enciphered session key transmitted from the client with the inherent public key stored in the first management database in correspondence with the creator ID, to obtain a session key, enciphers the obtained session key with the group key stored in the second management database in correspondence with the group ID stored in the first management database in correspondence with the creator ID, to generate a group enciphered session key. The group ID and the generated group enciphered session key are transmitted to the client.

In the client, the group ID and the group enciphered session key which have been transmitted from the key management server are added to the enciphered data, to create an enciphered file. The enciphered file has a group ID of a group to which a creator of the enciphered file belongs and the group enciphered session key (obtained by enciphering the session key with the group key stored in the second management database in correspondence with the group ID) added to the enciphered data created by enciphering the plaintext data with the session key. When the creator of the enciphered file belongs to a plurality of groups, a group key for each of the groups (group IDs) is used, so that a plurality of group enciphered session keys are generated and are added to the enciphered data.

The client uses, when it accepts the entry of the enciphered file, the inherent ID stored in the inherent data storing means as a decryptor ID, to transmit to the key management server the decryptor ID, and the group ID and the group enciphered session key in the accepted enciphered file.

The key management server judges whether or not the received group ID is registered in the first management database in correspondence with the decryptor ID transmitted from the client. When the received group ID is registered in the first management database, the group enciphered session key is deciphered with the group key stored in the second management database in correspondence with the group ID, to obtain a session key, the obtained session key is enciphered with the inherent public key stored in the first management database in correspondence with the decryptor ID, to generate a second enciphered session key, and the generated second enciphered session key is transmitted to the client.

In the client, the second enciphered session key transmitted from the key management server is deciphered with the inherent secret key stored in the inherent data storing means, to obtain a session key, and the enciphered data in the accepted enciphered file is deciphered with the obtained session key, to obtain plaintext data.

In the fourth invention, a user belonging to the same group as the group to which the creator of the enciphered file belongs is given authorization to decipher the enciphered file. The group ID of the group to which the user of the cryptographic system belongs is stored in the first management database in the key management server. Accordingly, the decryption authorization can be intensively managed by managing the group to which the user belongs in the key management server.

When the creator of the enciphered file creates the enciphered file, a user who is authorized to decipher the created enciphered file may be designated, and the designated user may be given authorization to decipher the enciphered file. In a cryptographic system according to a fifth invention, a key management server comprises a management database for storing, with respect to each of users, an inherent ID, an inherent key, and an inherent public key which are inherent in the user. A client comprises inherent data storing means for storing the inherent ID and an inherent secret key paired with the inherent public key, and session key generating means.

The client generates, when it accepts the entry of plaintext data, a session key by the session key generating means, and enciphers the entered plaintext data with the generated session key, to create enciphered data, and further accepts the designation of a decryption authorized user (authorizer). The session key is enciphered with the inherent secret key stored in the inherent data storing means, to generate a first enciphered session key. An inherent ID of the designated decryption authorized user is used as a designated decryption authorized user ID, and the inherent ID stored in the inherent data storing means is used as a creator ID, to transmit to the key management server the designated decryption authorized user ID, the creator ID, and the generated first enciphered session key.

The key management server deciphers the first enciphered session key transmitted from the client with the inherent public key stored in the management database in correspondence with the creator ID, to obtain a session key, and the obtained session key is enciphered with the inherent key stored in the management database in correspondence with the designated decryption authorized user ID, to generate a second enciphered session key. The generated second enciphered session key is transmitted to the client.

The client further adds to the enciphered data the designated decryptionauthorized user ID and the second enciphered session key transmittedfrom the key management server, to create an enciphered file.

When the entry of the enciphered file created in the above-mentionedmanner is accepted in the client, the client uses the inherent ID storedin the inherent data storing means as a decryptor ID, to transmit to thekey management server the decryptor ID, and the designated decryptionauthorized user ID and the second enciphered session key in the acceptedenciphered file.

The key management server judges whether or not the decryptor ID transmitted from the client is the same as the designated decryption authorized user ID, deciphers, when the decryptor ID is the same as the designated decryption authorized user ID, the second enciphered session key with the inherent key stored in the management database in correspondence with the decryptor ID, to obtain a session key, and enciphers the obtained session key with the inherent public key stored in the management database in correspondence with the decryptor ID, to generate a third enciphered session key. The generated third enciphered session key is transmitted to the client.

In the client, the third enciphered session key transmitted from the key management server is deciphered with the inherent secret key stored in the inherent data storing means, to obtain a session key, and the enciphered data in the accepted enciphered file is deciphered with the obtained session key, to obtain plaintext data.

When a creator of the enciphered file creates the enciphered file, a group which is authorized to decipher the created enciphered file may be designated, and a user belonging to the designated group may be given authorization to decipher the enciphered file. A cryptographic system according to a sixth invention includes a key management server comprising a first management database for storing, with respect to each of users, an inherent ID and an inherent public key which are inherent in the user, and a group ID of a group to which the user belongs, and a second management database for storing, with respect to each of groups, a group ID and a group key which are inherent in the group, and a client comprising inherent data storing means for storing the inherent ID and an inherent secret key paired with the inherent public key, and session key generating means.

When the entry of plaintext data is accepted, the client generates a session key by the session key generating means, and enciphers the entered plaintext data with the generated session key, to create enciphered data. The designation of a decryption authorized group is accepted. Further, the session key is enciphered with the inherent secret key stored in the inherent data storing means, to generate a first enciphered session key. A group ID of the designated decryption authorized group is used as a designated decryption authorized group ID, and an inherent ID stored in the inherent data storing means is used as a creator ID, to transmit to the key management server the designated decryption authorized group ID, the creator ID, and the generated first enciphered session key.

The key management server deciphers the first enciphered session key transmitted from the client with the inherent public key stored in the first management database in correspondence with the creator ID, to obtain a session key, and enciphers the obtained session key with the group key stored in the second management database in correspondence with the designated decryption authorized group ID, to generate a group enciphered session key. The generated group enciphered session key is transmitted to the client.

In the client, the designated decryption authorized group ID and the group enciphered session key transmitted from the key management server are added to the enciphered data, to create an enciphered file.

The client uses, when it accepts the entry of the enciphered file created in the above-mentioned manner, the inherent ID stored in the inherent data storing means as a decryptor ID, to transmit to the key management server the decryptor ID, and the designated decryption authorized group ID and the group enciphered session key in the accepted enciphered file.

The key management server judges whether or not the same group ID as the designated decryption authorized group ID transmitted from the client is stored in the first management database in correspondence with the received decryptor ID. When the same group ID as the designated decryption authorized group ID is stored in the first management database in correspondence with the received decryptor ID, the group enciphered session key is deciphered with the group key stored in the second management database in correspondence with the group ID, to obtain a session key, and the obtained session key is enciphered with the inherent public key stored in the first management database in correspondence with the decryptor ID, to generate a second enciphered session key. The generated second enciphered session key is transmitted to the client.

In the client, the second enciphered session key transmitted from the key management server is deciphered with the inherent secret key stored in the inherent data storing means, to obtain a session key, and the enciphered data in the accepted enciphered file is deciphered with the obtained session key, to obtain plaintext data.

The present invention also provides a deciphering device suitable for utilization in the above-mentioned cryptographic systems according to the first to sixth inventions, its control program, and a recording medium having the control program recorded thereon and an enciphered file.

For example, a deciphering device suitable for utilization of the first to third cryptographic systems is connected through a network to a key management server comprising a management database for storing, with respect to each of users, an inherent ID, an inherent key, and an inherent public key which are inherent in the user, and a decryption object ID which is an inherent ID of a creator of an enciphered file decipherable by the user. The deciphering device comprises inherent data storing means for storing the inherent ID and an inherent secret key paired with the inherent public key, enciphered file entering means for accepting the entry of an enciphered file obtained by adding, to enciphered data obtained by enciphering plaintext data with a session key generated every time the plaintext data is enciphered, a creator ID which is an inherent ID of a creator of the enciphered data, and a first enciphered session key obtained by enciphering the session key with an inherent key for the creator of the enciphered data, transmitting means for transmitting to the key management server a decryptor ID which is the inherent ID stored in the inherent data storing means in the deciphering device, and the creator ID and the first enciphered session key in the accepted enciphered file, receiving means for receiving, from the key management server which has received the decryptor ID, and the creator ID and the first enciphered session key, a second enciphered session key obtained by enciphering a session key obtained by deciphering the first enciphered session key with the inherent key stored in the management database in correspondence with the creator ID with the inherent public key stored in the management database in correspondence with the decryptor ID, and deciphering means for deciphering the received second enciphered session key with the inherent secret key stored in the inherent data storing means, to obtain a session key, and deciphering the enciphered data in the accepted enciphered file with the obtained session key, to obtain plaintext data.

The inherent ID stored in the inherent data storing means in the deciphering device is handled as the decryptor ID. When the decryptor ID is stored as a decryption object ID in the management database in correspondence with the creator ID of the creator of the enciphered file, the first enciphered session key is deciphered with the inherent key corresponding to the creator ID, to obtain a session key in the key management server. The second enciphered session key obtained by enciphering the session key with an inherent public key for a decryptor is received in the deciphering device. The inherent secret key stored in the inherent data storing means in the deciphering device is paired with the above-mentioned inherent public key. Accordingly, the second enciphered session key is deciphered by the deciphering device, thereby making it possible to obtain the session key. The enciphered data can be deciphered with the session key.

An enciphered file created by each of cryptographic systems according to the first to third inventions is created, in a cryptographic system in which a key management server comprising a management database for storing, with respect to each of users, an inherent ID, an inherent key, and an inherent public key which are inherent in the user, and a decryption object ID which is an inherent ID of a creator of an enciphered file decipherable by the user, and a client comprising inherent data storing means for storing the inherent ID and an inherent secret key paired with the inherent public key, and session key generating means are connected to each other through a network, by the client.

The enciphered file has a creator ID which is an inherent ID of the creator of the enciphered file stored in the inherent data storing means in the client and an enciphered session key obtained by enciphering the session key with the inherent key for the creator of the enciphered file added to enciphered data obtained by enciphering plaintext data with a session key generated by the session key generating means in the client every time the plaintext data is enciphered. The plaintext data is enciphered with the session key generated every time the plaintext data is enciphered, so that the secrecy of the enciphered file is high.

The inherent key used for generating the enciphered session key is obtained by deciphering the enciphered inherent key transmitted from the key management server to the client in response to the transmission of the inherent ID stored in the inherent data storing means in the client to the key management server from the client with the inherent secret key stored in the inherent data storing means in the client. The enciphered inherent key is obtained by enciphering, in the key management server which has received the inherent ID, the inherent key stored in the management database in correspondence with the inherent ID with the inherent public key stored in the management database in correspondence with the inherent ID. Even if an attempt to improperly create the enciphered file using an ID of another person is made, therefore, an unauthorized user having no inherent secret key to be used for deciphering the enciphered inherent key cannot obtain the inherent key (cannot decipher the enciphered inherent key). No enciphered file can be eventually created.

The other features of the present invention will become apparent from the following embodiments.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is a block diagram showing the overall configuration of a cryptographic system according to a first embodiment.

FIG. 2 illustrates the overall configuration of the cryptographic system according to the first embodiment in detail.

FIG. 3a and FIG. 3b respectively illustrate the contents of management data that a user having an ID “001” has and the contents of management data that a user having an ID “002” has.

FIG. 4 illustrates the contents of a management database.

FIG. 5 is a flow chart showing the flow of processing based on a management data creation program.

FIG. 6 is a flow chart showing the flow of processing based on a public key/secret key generation program and the flow of processing based on a public key receiving program.

FIG. 7 illustrates public key registering processing by giving attention to transmission/receiving of keys.

FIG. 8 is a flow chart showing the flow of processing based on an encryption/decryption program.

FIG. 9 is a flow chart showing the flow of processing based on a key distribution program.

FIG. 10 is a block diagram showing enciphered file creating processing by giving attention to processing performed by a client and a key management server.

FIG. 11 illustrates enciphered file creating processing by giving attention to transmission/receiving of keys.

FIG. 12 is a block diagram showing enciphered file deciphering processing by giving attention to processing performed by a client and a key management server.

FIG. 13 illustrates enciphered file deciphering processing by giving attention to transmission/receiving of keys.

FIG. 14 schematically illustrates the data structure of an enciphered file.

FIG. 15 illustrates the overall configuration of a cryptographic system according to a second embodiment.

FIG. 16a and FIG. 16b respectively illustrate the contents of management data that a user having an ID “001” has and the contents of management data that a user having an ID “002” has.

FIG. 17 illustrates the contents of a management database.

FIG. 18 is a flow chart showing the flow of processing based on a first public key/first secret key generation program.

FIG. 19 is a flow chart showing the flow of processing based on an ID file creation/distribution program, the flow of processing based on an ID setup program and the flow of processing based on a second public key registration program.

FIG. 20 illustrates second public key registering processing by giving attention to transmission/receiving of keys.

FIG. 21 is a flow chart showing the flow of processing based on an enciphered file creation program.

FIG. 22 is a flow chart showing the flow of processing based on an enciphered file processing program.

FIG. 23 is a block diagram showing enciphered file creating processing by giving attention to processing performed by a client and a key management server.

FIG. 24 illustrates enciphered file creating processing by giving attention to transmission/receiving of keys.

FIG. 25 is a flow chart showing the flow of processing based on a decryption program.

FIG. 26 is a flow chart showing the flow of processing based on a deciphering processing program.

FIG. 27 is a block diagram showing enciphered file deciphering processing by giving attention to processing performed by a client and a key management server.

FIG. 28 illustrates enciphered file deciphering processing by giving attention to transmission/receiving of keys.

FIG. 29 illustrates enciphered file creating processing in a modified example of the second embodiment by giving attention to transmission/receiving of keys.

FIG. 30 illustrates the overall configuration of a cryptographic system according to a third embodiment.

FIG. 31 illustrates the contents of a first management database and a second management database.

FIG. 32 is a flow chart showing the flow of processing based on a first management data creation program.

FIG. 33 is a flow chart showing the flow of processing based on a second management data creation program.

FIG. 34 is a flow chart showing the flow of processing based on an enciphered file creation program.

FIG. 35 is a flow chart showing the flow of processing based on an enciphered file processing program.

FIG. 36 is a block diagram showing enciphered file creating processing by giving attention to processing performed by a client and a key management server.

FIG. 37 illustrates enciphered file creating processing by giving attention to transmission/receiving of keys.

FIG. 38 is a flow chart showing the flow of processing based on a decryption program.

FIG. 39 is a flow chart showing the flow of processing based on a deciphering processing program.

FIG. 40 is a block diagram showing enciphered file deciphering processing by giving attention to processing performed by a client and a key management server.

FIG. 41 illustrates enciphered file deciphering processing by giving attention to transmission/receiving of keys.

FIG. 42 illustrates the overall configuration of a cryptographic system according to a fourth embodiment.

FIG. 43 illustrates the contents of a first management database.

FIG. 44 is a flow chart showing the flow of processing based on an enciphered file creation program.

FIG. 45 is a flow chart showing the flow of processing based on an enciphered file processing program.

FIG. 46 is a block diagram showing enciphered file creating processing by giving attention to processing performed by a client and a key management server.

FIG. 47 is a block diagram showing enciphered file creating processing by giving attention to processing performed by a client and a key management server.

FIG. 48 is a flow chart showing the flow of processing based on a decryption program.

FIG. 49 is a flow chart showing the flow of processing based on a deciphering processing program.

FIG. 50 is a block diagram showing enciphered file deciphering processing by giving attention to processing performed by a client and a key management server.

FIG. 51 is a block diagram showing enciphered file deciphering processing by giving attention to processing performed by a client and a key management server.

BEST MODE FOR CARRYING OUT THE INVENTION

FIRST EMBODIMENT

FIG. 1 is a block diagram showing the overall configuration of a cryptographic system according to a first embodiment. The cryptographic system comprises a key management server computer (hereinafter referred to as a key management server) 10, a plurality of client computers (user terminals) (hereinafter referred to as clients) (in the cryptographic system shown in FIG. 1, four clients 20, 30, 40, and 50 are illustrated), and a network 1 (including both a dedicated line and a public line) for connecting the key management server 10 and the plurality of clients 20, 30, . . . .

In the cryptographic system, each of members (users) who utilize the system can generate a session key using a client, and encipher (encrypt) plaintext data with the generated session key, to create enciphered data using the client, as described later. The user can decipher (decrypt) the created enciphered data into plaintext data with the session key (in this sense, it can be said that the session key is an encryption/decryption key). Further, the cryptographic system is characterized in that the key management server 10 and the clients 20, 30 . . . are controlled such that the particular user can decipher enciphered data created by the other user who utilizes the cryptographic system.

FIG. 2 is a block diagram showing the overall configuration of the cryptographic system shown in FIG. 1 in more detail. In the cryptographic system shown in FIG. 2, only the two clients (the client 20 and the client 30) are illustrated.

The key management server 10 comprises a control device 11, a first storage device 12, a second storage device 13, and a floppy-disk drive (hereinafter referred to as FDD) 14. The control device 11 is a computer system comprising a CPU, a memory (RAM), a communication device (a modem, a terminal adaptor, a router, etc.; used as transmitting means, receiving means, or distributing means), an input device (a keyboard, a mouse, etc.; used as entering means), and a display device (a CRT (Cathode-Ray Tube) display, an LCD (Liquid Crystal Display), etc.). Various types of programs, described later, are read in a CPU included in the control device 11 so that the control device 11 (CPU) functions as key generating means, enciphering means, deciphering means, judging means, etc. A hard disk (drive) is generally used for the first storage device 12 and the second storage device 13. The first storage device 12 and the second storage device 13 may be respectively different hard disks. Alternatively, two different regions may be provided in one hard disk and respectively positioned as the first storage device 12 and the second storage device 13.

The first storage device 12 in the key management server 10 is provided with a management database 15. The management database 15 is a database storing an ID, an inherent key, etc. with respect to each of the users of the cryptographic system (the details thereof will be described later). The second storage device 13 stores a public key receiving program, a management data creation program, and a key distribution program. Processing based on the programs (the operations of the key management server 10 controlled by the programs) will be described later.

The client 20 (which is taken as a computer of a user A) comprises a control device 21 comprising a CPU, a memory (RAM), a communication device, an input device, a display device, etc., a storage device 22, and an FDD 23. The client 30 (which is taken as a computer of a user B) also has the same hardware configuration (a control device 31, a storage device 32, and an FDD 33) as that of the client 20. Each of the storage device 22 in the client 20 and the storage device 32 in the client 30 stores an encryption/decryption program and a public key/secret key generation program. The programs are read in the CPUs in the control devices 21, 31, . . . , whereby the control devices 21, 31, . . . (CPUs) function as enciphering means, deciphering means, key generating means, etc. The details of the encryption/decryption program and the public key/secret key generation program will be described later.

The users A and B respectively have an FD 24 having inherent data 25 recorded thereon and an FD 34 having inherent data 35 recorded thereon. FIG. 3a and FIG. 3b respectively illustrate an example of the inherent data 25 recorded on the FD 24 that the user A has and an example of the inherent data 35 recorded on the FD 34 that the user B has.

An ID and a secret key are recorded as the inherent data on the FD that each of the users of the cryptographic system has.

The “ID” is a unique identification code (number) for specifying each of the users who utilize the cryptographic system. The ID “001” and the ID “002” respectively represent the user A and the user B.

The “secret key” is, in a pair of a public key and a secret key generated by the public key/secret key generation program stored in each of the storage devices 22 and 32 in the clients 20 and 30, the secret key. As described later, in the clients 20, 30 . . . , the public key/secret key generation program is executed when the cryptographic system is set up (or the client is added to the cryptographic system). The inherent data 25 and 35 respectively include a secret key S1 and a secret key S2.

The ID “001” and the ID “002” respectively included in the inherent data 25 and 35 are recorded on the FDs 24 and 34 using the floppy disk drive (FDD) 14 in the key management server 10. The management database 15 in the key management server 10 is utilized for respectively recording the IDs on the FDs 24 and 34. FIG. 4 illustrates an example of the management database 15.

The management database 15 stores management data for each of the plurality of users who utilize the cryptographic system. The management data includes an “ID”, an “invalid flag”, a “public key”, an “inherent key”, a “decryption object ID1”, a “decryption object ID2”, a “decryption object ID3”, etc.

The “ID” is an identification code for identifying the user who utilizes the cryptographic system and having a one-to-one correspondence with the user, as described above.

The “invalid flag” stores a flag (an invalid flag “FF”) indicating that, when a user who utilizes the cryptographic system is no longer authorized to utilize it, the user's authorization to utilize the cryptographic system has been invalidated. The invalid flag is stored in the management data by a manager of the key management server 10.

The “public key” is, in a pair of a public key and a secret key generated by the execution of the public key/secret key generation program in the client, the public key. The public key is transmitted in advance to the key management server 10 from each of the clients 20, 30 . . . (the details thereof will be described later).

The “inherent key” is random number data inherent in each of the users who utilize the cryptographic system. The inherent key is used for enciphering the session key used for enciphering the plaintext data and deciphering the enciphered session key.

Each of the “decryption object ID1”, the “decryption object ID2”, the “decryption object ID3” . . . stores an ID of a creator of a decipherable enciphered file (an ID of a decryption object). In the cryptographic system, the relationship between the user who utilizes the cryptographic system and the creator of the enciphered file decipherable by the user (the creator is also the user who utilizes the cryptographic system) is previously determined.

For example, the management data related to the ID “001” includes as decryption object IDs four IDs, i.e., “001”, “002”, “003”, and “004”. This means that the user (the user A) having the ID “001” has authorization to respectively decipher the enciphered files created by the users having the IDs “001”, “002”, “003” and “004”. Similarly, the management data related to the ID “002” includes IDs “002” and “004” as decryption object IDs. Therefore, the user having the ID “002” (the user B) has authorization to respectively decipher the enciphered files created by the users having the IDs “002” and “004”.
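The management data above (decryption object IDs, invalid flag, inherent key, public key) drives both branches of the key management server: handing a creator their own inherent key, and re-wrapping a session key for an authorized decryptor. The following is an added example, not code from the patent. Its class and function names are hypothetical, and textbook RSA over fixed Mersenne primes and a SHAKE-256 keystream stand in for the unspecified public-key and symmetric ciphers; neither stand-in is secure.

```python
# Added illustration, not the patent's code; names are hypothetical. NOT secure:
# textbook RSA on Mersenne primes and a SHAKE-256 keystream are stand-in ciphers.
import hashlib
import secrets

E, KEY_LEN = 65537, 16  # RSA exponent; byte length of inherent and session keys
M61, M89, M107, M127 = (2 ** k - 1 for k in (61, 89, 107, 127))  # known primes


def make_keypair(p, q):
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))  # (public, secret)


def pk_wrap(public_key, key_bytes):
    n, e = public_key
    return pow(int.from_bytes(key_bytes, "big"), e, n)


def pk_unwrap(secret_key, wrapped):
    n, d = secret_key
    raw = pow(wrapped, d, n).to_bytes((n.bit_length() + 7) // 8, "big")
    return raw[-KEY_LEN:]  # a wrong secret key yields garbage, not an error


def sym_encrypt(key, data):
    nonce = secrets.token_bytes(12)
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, stream))


def sym_decrypt(key, blob):
    stream = hashlib.shake_256(key + blob[:12]).digest(len(blob) - 12)
    return bytes(a ^ b for a, b in zip(blob[12:], stream))


class KeyManagementServer:
    def __init__(self):
        self.db = {}  # ID -> management data (the management database columns)

    def register(self, user_id, public_key, decryption_object_ids):
        self.db[user_id] = {"invalid": False, "public_key": public_key,
                            "inherent_key": secrets.token_bytes(KEY_LEN),
                            "decryption_object_ids": set(decryption_object_ids)}

    def _valid(self, user_id):
        rec = self.db.get(user_id)
        if rec is None or rec["invalid"]:  # invalid flag set by the manager
            raise PermissionError(f"ID {user_id} is unknown or invalidated")
        return rec

    def distribute_inherent_key(self, user_id):
        rec = self._valid(user_id)  # enciphering request: only an ID arrives
        return pk_wrap(rec["public_key"], rec["inherent_key"])

    def rewrap_session_key(self, decryptor_id, creator_id, enc_session_key):
        rec = self._valid(decryptor_id)
        creator = self.db.get(creator_id)
        if creator is None or creator_id not in rec["decryption_object_ids"]:
            raise PermissionError(f"{decryptor_id} may not decipher {creator_id}")
        session_key = sym_decrypt(creator["inherent_key"], enc_session_key)
        return pk_wrap(rec["public_key"], session_key)


class Client:
    def __init__(self, user_id, p, q):
        self.user_id = user_id
        self.public_key, self._secret_key = make_keypair(p, q)

    def create_file(self, server, plaintext):
        wrapped = server.distribute_inherent_key(self.user_id)
        inherent_key = pk_unwrap(self._secret_key, wrapped)
        session_key = secrets.token_bytes(KEY_LEN)  # fresh for every file
        return {"creator_id": self.user_id,
                "enc_session_key": sym_encrypt(inherent_key, session_key),
                "enc_data": sym_encrypt(session_key, plaintext)}

    def open_file(self, server, enc_file):
        try:
            wrapped = server.rewrap_session_key(
                self.user_id, enc_file["creator_id"], enc_file["enc_session_key"])
        except PermissionError:
            return None  # server refused to release the session key
        return sym_decrypt(pk_unwrap(self._secret_key, wrapped), enc_file["enc_data"])


def demo():
    server = KeyManagementServer()
    user_a, user_b = Client("001", M127, M89), Client("002", M107, M61)
    server.register("001", user_a.public_key, ["001", "002", "003", "004"])
    server.register("002", user_b.public_key, ["002", "004"])
    file_a = user_a.create_file(server, b"report written by user A")
    file_b = user_b.create_file(server, b"report written by user B")
    out = {"a_opens_b": user_a.open_file(server, file_b),
           "b_opens_a": user_b.open_file(server, file_a),
           "impostor_opens_b": Client("002", M127, M107).open_file(server, file_b)}
    server.db["001"]["invalid"] = True  # manager sets the invalid flag
    out["a_after_invalid"] = user_a.open_file(server, file_b)
    return out
```

Because the server only ever returns keys wrapped under the registered public key, a client that presents ID “002” without the secret key S2 receives a value it cannot unwrap, and changing a row of the management database takes effect on the next request without re-issuing any file.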

FIG. 5 is a flow chart showing the flow of processing based on themanagement data creation program stored in the second storage device 13in the key management server 10. The management data is stored in theabove-mentioned management database 15 in accordance with the managementdata creation program.

When the manager of the key management server 10 enters an instructionto start the management data creation program from the input device, themanagement data creation program is read out of the second storagedevice 13 in the key management server 10, and is read in the CPU. Themanagement data creation program is executed.

First, user information such as the name of the user who utilizes thecryptographic system is entered from the input device in the keymanagement server 10 by the manager of the key management server 10(step 101). When the entry of the user information is completed, an IDis assigned to the user. The assigned ID is registered in an ID columnin the management database 15 provided for the first storage device 12(step 102).

A random number is generated. The generated random number is registeredin an inherent key column as an inherent key corresponding to theregistered ID (step 103).

A list of the management data (the whole of the management database 15)is displayed on a display screen of the display device (step 104). Whenmanagement data related to the other user has already been registered inthe management database 15, an ID, an inherent key, etc. of the user aredisplayed by icons or the like. The manager of the key management server10 registers an ID of a decryption object in a decryption object IDcolumn (a decryption object ID1, a decryption object ID2, a decryptionobject ID3 . . . ) (step 105).

When the management data related to the other user is registered, theabove-mentioned operations are repeated (NO in step 106, step 101). Whenthe entry of data related to all the users is terminated, the entry ofthe management data excluding the public key to be stored in a publickey column is completed (see FIG. 4). The manager of the key managementserver 10 terminates the processing based on the management datacreation program (YES in step 106).

To the users for which the management data are created by the managementdata creation program, the FDs having the IDs for specifying the usersrecorded thereon are respectively distributed.

The user who has received the FD having the ID recorded thereon executesthe public key/secret key generation program from the input device inthe client. On the other hand, in the key management server 10, thereceiving of the public key generated in the client is prepared by thepublic key receiving program. FIG. 6 shows side by side a flow chartshowing processing based on the public key/secret key generation programexecuted in the client and a flow chart showing processing based on thepublic key receiving program executed in the key management server 10.FIG. 7 illustrates the processing shown in FIG. 6 by giving attention totransmission/receiving of keys. As a representative of the clients 20,30 . . . , the operations of the client 20 (the computer of the user A)will be described.

When the public key/secret key generation program is executed in theclient 20, the pair of the public key and the secret key is generated(step 111, the public key and the secret key are respectively denoted by“OP1” and “S1”). The public key/secret key generation program reads outthe ID “001” from the FD 24, and transmits the read ID “001” and thegenerated public key OP1 to the key management server 10. Further, thegenerated secret key S1 is recorded on the FD 24 (step 112). The ID“001” and the secret key S1 (the inherent data 25) are recorded on theFD 24 (see FIG. 3 a).

The key management server 10 waits for the receiving of the ID and thepublic key which are transmitted from the client by the public keyreceiving program (NO in step 113). When the ID “001” and the public keyOP1 are received from the client 20 (YES in step 113), the keymanagement server 10 stores the received public key OP1 in the publickey column in the management data corresponding to the received ID “001”(step 114). The public key generated in the other client is transmittedto the key management server 10 and is registered in the management datain the same way. The management database 15 is completed.

FIG. 8 is a flow chart showing the flow of processing based on theencryption/decryption program stored in the storage device in theclient. FIG. 9 is a flow chart showing the flow of processing based onthe key distribution program executed in the key management server 10.FIG. 10 is a block diagram showing processing performed by the client 20and the key management server 10 in enciphering processing (encipheredfile creating processing) in the processing shown in FIGS. 8 and 9. FIG.11 illustrates the enciphering processing (enciphered file creatingprocessing) by giving attention to transmission/receiving of keys. FIG.12 is a block diagram showing processing performed by the client 20 andthe key management server 10 in enciphered file deciphering processingin the processing shown in FIGS. 8 and 9. FIG. 13 illustrates theenciphered file deciphering processing by giving attention totransmission/receiving of keys. In a case where the user who utilizesthe cryptographic system enciphers the plaintext data or a case wherethe user deciphers the enciphered file, the encryption/decryptionprogram is executed in the client. The enciphered file creatingprocessing and the enciphered file deciphering processing can be alsorealized by causing the computer (the client and the key managementserver 10) to execute the programs (here, the encryption/decryptionprogram and the key distribution program), or can be also realized usinghardware (an enciphering circuit, a deciphering circuit, etc.) whichshares processing based on parts or all of the programs, as subsequentlydescribed.

When an instruction to start the encryption/decryption program isentered from the input device in the client, the encryption/decryptionprogram is read out of the storage device in the client, and is read inthe CPU. The encryption/decryption program is executed. In the followingdescription, the operations of the client 20 (the computer of the userA) will be taken as an example.

The plaintext data to be enciphered or the enciphered file to bedeciphered is entered (step 121). The plaintext data or the encipheredfile may be entered through a conveyable recording medium such as FD(Floppy Disk), CD-ROM (Compact Disc Read-Only Memory), CD-R (CompactDisc-Recordable), CD-RW (Compact Disc-Rewritable), or MO(Magneto-Optic), may be one stored in the storage device 22 in theclient 20, or may be one stored in the storage device in the otherclient such as the client 30 or 40 and read out through the network 1.

When the plaintext data is entered (enciphered in step 121), the ID “001” in the inherent data 25 recorded on the FD 24 mounted on the FDD 23 in the client 20 is transmitted to the key management server 10 (step 122). The encryption/decryption program waits for the receiving of data (described later) transmitted from the key management server 10 (step 123).

The key distribution program (FIG. 9) in the key management server 10 waits for the receiving of an ID transmitted from the client or the ID and header information transmitted from the client (step 141). When the key management server 10 receives the ID “001” from the client 20, the processing based on the key distribution program progresses (YES in step 141).

The management data including the received ID “001” is read out of the management database 15 provided in the first storage device 12 (step 142). The read management data is temporarily stored in the memory in the control device 11.

It is judged whether or not the invalid flag “FF” is stored in the management data temporarily stored in the memory (step 143).

When the invalid flag is not stored in the management data (NO in step 143), it is judged whether or not the header information is received (step 144). When the enciphered file is deciphered (FIG. 8; the case of “deciphered” in step 121), the header information is transmitted to the key management server 10 from the client, as described later. In the case of processing for enciphering the plaintext data, the header information is not received in the key management server 10 (NO in step 144). The key management server 10 enciphers an inherent key SK1 with the public key OP1 in the management data temporarily stored in the memory. An enciphered inherent key SK1 <OP1> is obtained (step 145). The generated enciphered inherent key SK1 <OP1> is distributed to the client 20 (step 146). The key distribution program waits for the receiving of an ID or the ID and header information again (step 141).

As described above, the encryption/decryption program in the client 20 (FIG. 8) waits for the data transmitted from the key management server 10 (step 123). When the client 20 receives the enciphered inherent key SK1 <OP1> distributed from the key management server 10, the processing based on the encryption/decryption program progresses in the client 20 (YES in step 123).

In a case where the invalid flag “FF” is not received (a case where the enciphered inherent key is received) (NO in step 124), the received enciphered inherent key SK1 <OP1> is deciphered with the secret key S1 recorded on the FD 24 (step 125). The enciphered inherent key SK1 <OP1> is deciphered, to obtain an inherent key SK1.

A random number is generated (step 126). The generated random number is used as a session key. The entered plaintext data is enciphered with the generated session key (step 127). Enciphered data is created.

The session key used for enciphering the plaintext data is enciphered with the inherent key SK1 obtained by deciphering the enciphered inherent key SK1 <OP1> received from the key management server 10 (step 128). An enciphered session key is obtained. A key obtained by enciphering the session key with the inherent key is hereinafter referred to as a “first enciphered session key”.

An enciphered file having the ID “001” and the first enciphered session key added as header information to the created enciphered data is created (step 129; the enciphered file is schematically illustrated in FIG. 14). The created enciphered file is stored in the storage device 22 in the client 20. The processing based on the encryption/decryption program is terminated. The header information includes an ID of a creator (a creator ID) of the enciphered data (enciphered file).

When the invalid flag “FF” is stored in the management data read in the memory in the key management server 10 (FIG. 9; YES in step 143), the key distribution program transmits the invalid flag “FF” to the client 20 (step 152). In the client 20 which has received the invalid flag “FF”, the processing based on the encryption/decryption program is terminated (FIG. 8; YES in step 124).

As described above, the invalid flag “FF” is stored in the management data related to the user who is not authorized to utilize the cryptographic system by the manager of the key management server 10. In this case, the plaintext data is not enciphered using the encryption/decryption program. Enciphering processing performed by the user who has stored the invalid flag can be inhibited by storing the invalid flag in the management data. The users can be intensively managed in the key management server 10. Further, it is possible to prevent enciphering processing performed by a person who is not authorized to utilize the cryptographic system.

When the enciphered file (see FIG. 14) is entered into the client 20 (deciphered in step 121), the ID “001” (a decryptor ID) and the header information in the entered enciphered file are transmitted to the key management server 10 from the client 20 (step 131). The encryption/decryption program waits for the receiving of data (described later) transmitted from the key management server 10 (step 132).

When the invalid flag “FF” is stored in the management data read in the memory in the key management server 10 (FIG. 9; YES in step 143), the invalid flag “FF” is transmitted to the client 20 from the key management server 10 (step 152). In the client 20, the processing based on the encryption/decryption program is terminated (FIG. 8; YES in step 133). The enciphered file is prevented from being improperly deciphered by the user who is not authorized to decipher the enciphered file.

When the invalid flag is not stored in the management data (NO in step 143), it is judged whether or not the header information is received (step 144). When the enciphered file is deciphered, as described above (FIG. 8; the case of “deciphered” in step 121), the key management server 10 receives the header information in the enciphered file to be deciphered (YES in step 144). The key distribution program judges whether or not the ID included in the received header information is a decryption object ID (step 147).

As described above, the ID of the creator of the decipherable enciphered file is stored in the decryption object ID column in the management data. On the other hand, the header information transmitted to the key management server 10 from the client includes the ID of the creator of the enciphered file. When the same ID as the ID included in the received header information (the ID of the creator of the enciphered file) is stored in the decryption object ID column in the management data, it is judged that the user who will perform the deciphering processing is the user having authorization to decipher the enciphered file to be deciphered (YES in step 147).

The header information transmitted to the key management server 10 from the client 20 includes the first enciphered session key together with the ID of the creator of the enciphered file. The first enciphered session key is obtained by enciphering the session key with an inherent key for the creator of the enciphered file. The key distribution program specifies the creator of the enciphered file on the basis of the creator ID of the enciphered file in the header information, and deciphers the first enciphered session key using the inherent key in the management data related to the user (step 148). The first enciphered session key is deciphered, to obtain a session key.

The obtained session key is enciphered with the public key OP1 for the user who will decipher the enciphered file (here, the user A having the ID “001”) (step 149). An enciphered session key is generated. A key obtained by enciphering the session key with the public key is hereinafter referred to as a “second enciphered session key” in the first embodiment. The second enciphered session key is distributed to the client 20 from the key management server 10 (step 150).

In a case where the invalid flag “FF” is not received (NO in step 133), and an undecipherable flag “FD” (described later) is not also received (NO in step 134) (which is a case where the second enciphered session key is received), the received second enciphered session key is deciphered with the secret key S1 recorded on the FD 24 (step 135). A session key is obtained. The enciphered data is deciphered with the obtained session key (step 136). Plaintext data is obtained.

When the same ID as the ID included in the received header information (the ID of the creator of the enciphered file) is not stored in the decryption object ID column in the management data, the key distribution program judges that the user who will perform deciphering processing is the user having no authorization to decipher the enciphered file to be deciphered (YES in step 144, and NO in step 147). In this case, the undecipherable flag “FD” is transmitted to the client 20 from the key management server 10 (step 151).

In the client 20 which has received the undecipherable flag “FD”, the deciphering processing is terminated (YES in step 134). The enciphered data is prevented from being deciphered by a person having no decryption authorization.

For example, it is assumed that in a state where the management database 15 shown in FIG. 4 is provided for the first storage device 12 in the key management server 10, the user B (the ID “002”) executes the encryption/decryption program using the client 30, to enter an enciphered file.

When the entered enciphered file is an enciphered file created by the user B himself or herself, the enciphered file is allowed to be deciphered because management data related to the user B (the ID “002”) includes the ID “002” as a decryption object ID (NO in step 134, and steps 135 and 136). Since the management data related to the user B (the ID “002”) also includes the ID “004” as the decryption object ID, the user B can also decipher an enciphered file created by the user having the ID “004”. On the other hand, the management data related to the user B does not include the ID “001” as the decryption object ID. When the user B attempts to decipher the enciphered file created by the user having the ID “001” (the user A), therefore, the undecipherable flag “FD” is transmitted to the client 30 (step 134). The user B cannot decipher the enciphered file created by the user A.

The cryptographic system can be utilized in the following circumstances, for example. In the management database 15 provided in the key management server 10, management data related to each of employees of a company or the like is generated. In a decryption object ID column in management data related to his or her boss, an ID of the employee which is a subordinate of the boss is registered. The cryptographic system can be operated such that the boss can decipher an enciphered file created by the subordinate, and the subordinate cannot decipher the enciphered file created by the boss. It is possible to perform authorization management corresponding to an organization structure in the company or the like.
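The first embodiment's exchange (steps 121 to 152), modeled as an added example that is not part of the patent text. The class and function names are hypothetical, the two ciphers are toy stand-ins (a SHA-256 keystream and textbook RSA over fixed primes), and the management data is constructed, with only the row for the ID “002” following the description above.

```python
# Added illustration; not code from the patent. Both ciphers are toy stand-ins.
import hashlib
import secrets

INVALID_FLAG = "FF"         # requester is barred from the system (step 152)
UNDECIPHERABLE_FLAG = "FD"  # creator is not a decryption object ID (step 151)
E = 65537                   # public exponent for the toy RSA below


def sym_crypt(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def rsa_keypair(p, q):
    """Textbook RSA from two known primes; returns (public, secret)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


def wrap(public, key):
    """Encipher a 16-byte key with a public key."""
    n, e = public
    return pow(int.from_bytes(key, "big"), e, n)


def unwrap(secret, value):
    """Decipher with a secret key; a wrong key yields 16 unrelated bytes."""
    n, d = secret
    return pow(value, d, n).to_bytes(64, "big")[-16:]


class KeyManagementServer:
    def __init__(self, db):
        self.db = db  # management database: ID -> management data

    def handle(self, requester_id, header=None):
        record = self.db[requester_id]                      # step 142
        if record["invalid"]:                               # step 143
            return INVALID_FLAG                             # step 152
        if header is None:                                  # step 144: NO
            return wrap(record["public"], record["inherent"])  # steps 145-146
        creator_id, first_esk = header
        if creator_id not in record["objects"]:             # step 147
            return UNDECIPHERABLE_FLAG                      # step 151
        # Step 148: the creator's inherent key never leaves the server.
        session_key = sym_crypt(self.db[creator_id]["inherent"], first_esk)
        return wrap(record["public"], session_key)          # steps 149-150


class Client:
    def __init__(self, user_id, secret, server):
        self.user_id, self.secret, self.server = user_id, secret, server

    def encipher(self, plaintext):
        reply = self.server.handle(self.user_id)            # steps 122-123
        if reply == INVALID_FLAG:                           # step 124
            return None
        inherent = unwrap(self.secret, reply)               # step 125
        session_key = secrets.token_bytes(16)               # step 126
        return {"creator_id": self.user_id,                 # header, step 129
                "first_esk": sym_crypt(inherent, session_key),  # step 128
                "body": sym_crypt(session_key, plaintext)}      # step 127

    def decipher(self, enc_file):
        header = (enc_file["creator_id"], enc_file["first_esk"])
        reply = self.server.handle(self.user_id, header)    # steps 131-132
        if reply in (INVALID_FLAG, UNDECIPHERABLE_FLAG):    # steps 133-134
            return reply
        session_key = unwrap(self.secret, reply)            # step 135
        return sym_crypt(session_key, enc_file["body"])     # step 136


def build_system():
    """Constructed sample data; only the row for ID 002 follows the text."""
    primes = {"001": (2**127 - 1, 2**61 - 1), "002": (2**107 - 1, 2**89 - 1),
              "004": (2**255 - 19, 2**130 - 5)}
    objects = {"001": {"001"}, "002": {"002", "004"}, "004": {"004"}}
    db, clients = {}, {}
    server = KeyManagementServer(db)
    for uid, (p, q) in primes.items():
        public, secret = rsa_keypair(p, q)
        db[uid] = {"public": public, "inherent": secrets.token_bytes(16),
                   "objects": objects[uid], "invalid": False}
        clients[uid] = Client(uid, secret, server)
    # ID 003 (constructed): management data carrying the invalid flag.
    db["003"] = {"public": None, "inherent": b"", "objects": set(),
                 "invalid": True}
    clients["003"] = Client("003", None, server)
    return server, clients


if __name__ == "__main__":
    server, clients = build_system()
    file_a = clients["001"].encipher(b"report written by user A")
    print(clients["002"].decipher(file_a))   # refused: 001 is not an object ID
    server.db["002"]["objects"].add("001")   # manager edits one row
    print(clients["002"].decipher(file_a))   # same file now deciphers
```

Because the server wraps the session key under the public key registered for the claimed decryptor ID, a requester who only knows another user's ID receives a value it cannot unwrap.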

Although in the above-mentioned embodiment, the ID is recorded on the FD in the key management server 10 and is distributed to the users, it may be, of course, recorded on another recording medium such as MO or CD-RW and distributed. Alternatively, an ID may be distributed to each of the users through the network 1 by electronic mail or the like, and the ID and a secret key (inherent data) may be recorded on the hard disk in the client.

The programs for performing the processing in the above-mentioned embodiment can be stored in the storage devices in the key management server 10 or the clients 20, 30 . . . by being installed through the network 1 or being installed after being recorded on the CD-ROM or the like.

SECOND EMBODIMENT

FIG. 15 is a block diagram showing the overall configuration of a cryptographic system according to a second embodiment. The configuration of the cryptographic system differs from the configuration of the cryptographic system according to the first embodiment shown in FIG. 2 in that an FDD 14 is not connected to a control device 11 in a key management server 10 and in that FDDs 23 and 33 are not respectively connected to control devices 21 and 31 in clients 20 and 30 and second storage devices 26 and 36 are connected thereto from the point of view of hardware. Further, the contents of data and programs which are stored in a first storage device 12 and a second storage device 13 in the key management server 10 in the second embodiment also differ from those in the first embodiment. The contents of data and programs which are stored in the first storage devices 22, 32 . . . in the clients 20, 30 . . . in the second embodiment also differ from those in the first embodiment.

The first storage device 12 in the key management server 10 is provided with a management database 15A, and further stores a pair of a first public key and a first secret key. The management database 15A stores an ID, a second public key, an inherent key, etc. with respect to each of users of the cryptographic system (the details thereof will be described later). The pair of the first public key and the first secret key stored in the first storage device 12 in the key management server 10 is generated in the key management server 10 and is stored in the first storage device 12, as described later. The second storage device 13 in the key management server 10 stores a management data creation program, a first public key/first secret key generation program, an ID file creation/distribution program, a second public key registration program, an enciphered file processing program, and a deciphering processing program. Processing based on the programs will be also described later.

Each of the first storage device 22 in the client 20 and the first storage device 32 in the client 30 stores an ID setup program, an enciphered file creation program, and a decryption program. Each of the second storage devices 26 and 36 stores inherent data and a first public key. The details of the processing based on the programs and the data will be also described later.

FIGS. 16(A) and 16(B) respectively illustrate an example of the inherent data 25A and the first public key which are stored in the second storage device 26 in the client 20 and an example of the inherent data 35A and the first public key which are stored in the second storage device 36 in the client 30. The inherent data 25A and 35A respectively differ from the inherent data 25 and 35 in the first embodiment shown in FIG. 3 in that a second secret key is stored in place of the secret key. Further, the second embodiment differs from the first embodiment in that a first public key OP1 is stored in addition to the inherent data in the second storage devices 26 and 36. The ID and the second secret key differ for each of the clients 20 and 30 . . . . The first public key OP1 is common to all the clients 20, 30 . . . . As described later, the second secret key is generated in each of the clients 20, 30 . . . . The first public key OP1 is generated in the key management server 10.

FIG. 17 illustrates the contents of the first storage device 12 in the key management server 10. The first storage device 12 in the key management server 10 stores the management database 15A and the pair of the first public key and the first secret key.

Similarly to the management database 15 in the first embodiment (FIG. 4), the management database 15A stores management data related to each of the users who utilize the cryptographic system. The management database 15A differs from the management database 15 in the first embodiment (FIG. 4) in that a second public key is included in place of the public key. The second public key is the public key in the pair of the public key and the secret key generated by the execution of the ID setup program in the client, and is transmitted in an enciphered state to the key management server 10 from each of the clients 20, 30 . . . (the details thereof will be described later). The management data constituting the management database 15A is created on the basis of the management data creation program (see FIG. 5) except for the second public key registered in a second public key column and is registered in the management database 15A, as in the first embodiment.

FIG. 18 is a flow chart showing the flow of processing based on the first public key/first secret key generation program stored in the second storage device 13 in the key management server 10.

When a manager of the key management server 10 enters an instruction to start the first public key/first secret key generation program from an input device, the first public key/first secret key generation program is read out of the second storage device 13 in the key management server 10, and is read in a CPU. The first public key/first secret key generation program is executed when the cryptographic system is set up (when the operations of the cryptographic system are started or when the management database 15A is generated).

A pair of a public key and a secret key is generated (step 201). The public key/secret key generated in the key management server 10 is referred to as a first public key OP1/first secret key S1.

The generated first public key OP1 and first secret key S1 are stored in the first storage device 12 in the key management server 10 (step 202). The processing based on the first public key/first secret key generation program is terminated.

The pair of the public key/secret key is also generated in each of the clients 20, 30 . . . , as subsequently described. The public key/secret key generated in each of the clients 20, 30 . . . is referred to as a second public key/second secret key. As described above, the second public key in the pair of the second public key and the second secret key generated in each of the clients 20, 30 . . . is transmitted in an enciphered state to the key management server 10. In the key management server 10, the enciphered second public key is deciphered, and is registered in a second public key column in the management data provided for each of the users.

FIG. 19 is a flow chart showing the flow of processing performed by the key management server 10 and the client until the second public key is stored in the management database 15A in the key management server 10. FIG. 20 illustrates the processing shown in FIG. 19 by giving attention to transmission/receiving of keys. The ID file creation/distribution program and the second public key registration program are executed in the key management server 10, and the ID setup program is executed in the client. The operations of the client 20 (a computer of a user A) will be described as a representative of the clients 20, 30 . . . .

When the manager of the key management server 10 enters an instruction to start the ID file creation/distribution program, the ID file creation/distribution program is executed. A list of the management data (the whole of the management database 15A) is displayed on a display screen of a display device (step 211).

The manager of the key management server 10 selects an ID of the user to whom an ID file, described later, should be distributed (step 212). When it is assumed that an ID “001” (an ID of the user A) is selected, an ID file including the selected ID “001” and the first public key OP1 in correspondence with ID “001” stored in the first storage device 12 is created (step 213). The created ID file is distributed toward the client 20 (the computer of the user A) through a network 1 (step 214). When the ID file is created and is transmitted to the other user, the above-mentioned processing is also repeated (NO in step 215, step 212). When the distribution of the ID file is terminated with respect to all the users, the processing based on the ID file creation/distribution program is terminated (YES in step 215).

In the client 20, the ID setup program stored in the first storage device 22 is started. The ID file transmitted from the key management server 10 is received in the client 20 (step 221).

As described above, the ID “001” and the first public key OP1 are included in the ID file distributed to the client 20 from the key management server 10. The ID setup program stores in the second storage device 26 the ID “001” and the first public key OP1 which are included in the ID file (step 222).

The ID setup program further generates a pair of a public key and a secret key (this is a second public key/second secret key) (step 223). In a generated pair of a second public key OP2-1 and a second secret key S2-1, the second secret key S2-1 is stored in the second storage device 26 (step 224). As shown in FIG. 16(A), the second storage device 26 in the client 20 stores the ID “001” and the second secret key S2-1 (the inherent data 25A), and stores the first public key OP1.

The generated second public key OP2-1 is enciphered with the first public key OP1 distributed from the key management server 10 (step 225). An enciphered second public key OP2-1 <OP1> is obtained. The obtained enciphered second public key OP2-1 <OP1> and the ID “001” are transmitted to the key management server 10 from the client 20 (step 226). The processing based on the ID setup program in the client 20 is terminated.

In the key management server 10, the second public key registration program waits for the receiving of the ID and the enciphered second public key which are transmitted from the client (NO in step 231). The key management server 10 reads out, when it receives the ID “001” and the enciphered second public key OP2-1 <OP1> from the client 20 (YES in step 231), the first secret key S1 in the pair of the first public key OP1 and the first secret key S1 stored in the first storage device 12, and deciphers the received enciphered second public key OP2-1 <OP1> with the first secret key S1 (step 232). A second public key OP2-1 is obtained. The obtained second public key is registered (stored) in the management data related to the received ID “001” (step 233). The second public key for each of the users is stored in the management data in such a way, thereby completing the management database 15A (FIG. 17).

FIG. 21 is a flow chart showing the flow of processing based on the enciphered file creation program stored in the first storage device in the client. FIG. 22 is a flow chart showing the flow of processing based on the enciphered file processing program executed in the key management server 10 in response to the execution of the enciphered file creation program in the client. FIG. 23 shows by a block diagram processing performed by the client 20 and the key management server 10 in the processing for creating the enciphered file shown in FIGS. 21 and 22. FIG. 24 illustrates the processing for creating the enciphered file shown in FIGS. 21 and 22 by giving attention to the flow of keys.

When an instruction to start the enciphered file creation program is entered from the input device in the client, the enciphered file creation program is read out of the first storage device in the client, and is read in the CPU. The enciphered file creation program is executed. In the following description, the operations of the client 20 (the computer of the user A) will be taken as an example.

Plaintext data to be enciphered is entered (step 241).

A random number is generated (step 242). The generated random number is used as a session key. The entered plaintext data is enciphered with the session key, as described later.

The generated session key is enciphered with the second secret key S2-1 in the inherent data 25A stored in the second storage device 26 in the client 20 (step 243). In the second embodiment, a key obtained by enciphering the session key with the second secret key is referred to as a “first enciphered session key”. The session key itself remains temporarily stored in a memory in the client 20.

The ID “001” (an ID of a user who will create an enciphered file: hereinafter referred to as a “creator ID”) in the inherent data 25A and the above-mentioned first enciphered session key are transmitted to the key management server 10 from the client 20 (step 244).

The enciphered file processing program in the key management server 10 (FIG. 22) waits for the receiving of the creator ID and the first enciphered session key (NO in step 251). When the key management server 10 receives the creator ID “001” and the first enciphered session key from the client 20, the processing based on the enciphered file processing program progresses (YES in step 251).

The management data including the received creator ID “001” is read out of the management database 15A provided in the first storage device 12 in the key management server 10, and is temporarily stored in a memory in the control device 11. In the management data temporarily stored in the memory, when an invalid flag “FF” is stored, the invalid flag “FF” is transmitted to the client 20 from the key management server 10 (YES in step 252, step 257). When the client 20 receives the invalid flag “FF” (FIG. 21: YES in step 245, YES in step 246), the processing based on the enciphered file creation program is terminated as it is in the client 20. No enciphered file is created.

When the invalid flag is not stored in the management data (NO in step 252), the received first enciphered session key is deciphered with the second public key OP2-1 in the management data related to the user having the ID “001” temporarily stored in the memory (step 253). Since the first enciphered session key is enciphered with the second secret key S2-1 in the client 20, the first enciphered session key is deciphered with the second public key OP2-1. A session key is obtained (step 253).

An inherent key SK1 in the management data is used, so that the obtained session key is enciphered (step 254). In the second embodiment, a key obtained by enciphering the session key with the inherent key is hereinafter referred to as a “second enciphered session key”.

Furthermore, the generated second enciphered session key is enciphered with the second public key OP2-1 in the management data (step 255). A key obtained by enciphering the second enciphered session key with the second public key in the second embodiment is hereinafter referred to as a “third enciphered session key”. The third enciphered session key is transmitted to the client 20 from the key management server 10 (step 256). The processing based on the enciphered file processing program in the key management server 10 is terminated.

The client 20 waits for the receiving of the third enciphered session key transmitted from the key management server 10 (FIG. 21: NO in step 245). When the third enciphered session key is received (YES in step 245, NO in step 246), the client 20 deciphers the third enciphered session key with the second secret key S2-1 in the inherent data 25A stored in the second storage device 26 (step 247). A second enciphered session key is obtained.

The entered plaintext data is enciphered with the session key, to create enciphered data (step 248). An enciphered file having a creator ID and the above-mentioned enciphered session key (they are referred to as header information) added to the header of the created enciphered data is created (step 249). The processing based on the enciphered file creation program is terminated.

FIG. 25 is a flow chart showing the flow of the processing based on the decryption program stored in the first storage device in the client. FIG. 26 is a flow chart showing the flow of the processing based on the deciphering processing program executed in the key management server 10. FIG. 27 is a block diagram showing processing performed by the client 30 and the key management server 10 in enciphered file deciphering processing shown in FIGS. 25 and 26. FIG. 28 illustrates the enciphered file deciphering processing shown in FIGS. 25 and 26 by giving attention to the flow of keys.

When an instruction to start the decryption program is entered in the client, the decryption program is read out of the first storage device in the client and is read in the CPU. The decryption program is executed. The operations of the client 30 (a computer of a user B) will be taken as an example.

The user B (a decryptor) of the client 30 enters the enciphered file into the client 30 (step 261).

The enciphered file created in the cryptographic system according to the second embodiment has the header information (the creator ID and the second enciphered session key) added to the header of the enciphered data, as described above. The decryption program enciphers the header information (the creator ID and the second enciphered session key) included in the entered enciphered file with a second secret key S2-2 in the inherent data 35A stored in the second storage device 36 (step 262). The header information is enciphered. The result of enciphering the header information in the enciphered file with the second secret key for the decryptor is hereinafter referred to as an “enciphered parameter”.

An ID “002” of the decryptor (the user B) (included in the inherent data 35A in the second storage device 36) and the above-mentioned enciphered parameter are transmitted to the key management server 10 from the client 30 (step 263).

In the key management server 10, the deciphering processing program waits for the receiving of the decryptor ID and the enciphered parameter (FIG. 26: step 271). When the key management server 10 receives the decryptor ID “002” and the enciphered parameter which have been transmitted from the client 30, the processing based on the deciphering processing program progresses (YES in step 271). Management data including the received decryptor ID “002” is read out of the management database 15A provided in the first storage device 12, and is temporarily stored in a memory in the key management server 10.

It is judged whether or not an invalid flag is stored in the management data temporarily stored in the memory (step 272). When the invalid flag “FF” is stored (YES in step 272), the key management server 10 transmits the invalid flag “FF” to the client 30 (step 278). In this case, processing for deciphering the enciphered file (enciphered data) is not performed (FIG. 25: YES in step 264, YES in step 265).

When the invalid flag is not stored in the management data temporarily stored in the memory (NO in step 272), the received enciphered parameter is deciphered with the second public key OP2-2 in the management data related to the decryptor. The enciphered parameter is obtained by enciphering the header information with the second secret key S2-2 in the inherent data (FIG. 25, step 262). When the enciphered parameter is deciphered, therefore, the header information (the creator ID and the second enciphered session key) is obtained (step 273).

It is judged whether or not the creator ID in the obtained header information is stored as a decryption object ID in the management data related to the decryptor stored in the memory (step 274).

When the same ID as the creator ID is not included as the decryption object ID in the management data, the decryptor is a person having no authorization to decipher the enciphered file created by a creator specified by the creator ID (there is no qualification for decryption: NO in step 274). In this case, an undecipherable flag “FD” is transmitted to the client 30 from the key management server 10 (step 279). In the client 30 which has received the undecipherable flag “FD”, the processing based on the decryption program is terminated (YES in step 264, YES in step 265).

When the same ID as the creator ID is included as the decryption object ID in the management data, the decryptor is a person having authorization to decipher the enciphered file created by the creator specified by the creator ID (there is qualification for decryption: YES in step 274). In this case, the management data related to the creator specified by the creator ID is referred to, so that the second enciphered session key is deciphered with the inherent key in the management data (step 275). A session key is obtained.

The second public key in the management data related to the decryptor (the second public key OP2-2 in the case of the user having the ID “002”) is used, to encipher the obtained session key again (step 276). A key obtained by enciphering the session key with the second public key for the decryptor in the key management server 10 is hereinafter referred to as a “fourth enciphered session key”. The fourth enciphered session key is transmitted to the client 30 from the key management server 10 (step 277).

In the client 30 which has received the fourth enciphered session key (FIG. 25: YES in step 264, NO in step 265), the second secret key S2-2 in the inherent data 35A is used, to decipher the fourth enciphered session key (step 266). A session key is obtained.

Finally, the obtained session key is used, to decipher the enciphered data in the enciphered file (step 267). Plaintext data is obtained.

According to the second embodiment, the public key/secret key (the second public key/second secret key) is generated in each of the clients 20, 30 . . . , and the public key/secret key (the first public key/first secret key) is also generated in the key management server 10. The second public key in the second public key/second secret key generated in each of the clients 20, 30 . . . is enciphered with the first public key distributed from the key management server 10, is transmitted to the key management server 10 from each of the clients 20, 30 . . . , and is registered in the management data. Therefore, the secrecy of the second public key is high.

Furthermore, in the second embodiment, the inherent key in the management data is not transmitted and received through the network 1. Therefore, the secrecy of the inherent key is significantly high.

Also in the second embodiment, it is judged whether or not the decryptor is a person having authorization to decipher the enciphered data depending on whether or not the creator ID in the header information is stored as the decryption object ID in the management data related to the decryptor, thereby making it possible to perform authorization management corresponding to an organization structure in a company or the like.

MODIFIED EMBODIMENT

In processing for creating the enciphered file, the first public key may be used in place of the second secret key as the key used for enciphering the session key in the client (the processing in the step 243 shown in FIG. 21). FIG. 29 shows the flow of transmission and receiving of keys in a case where the first public key is used for enciphering the session key (generation of the first enciphered session key). In this case, for first enciphered session key deciphering processing in the key management server 10 (FIG. 22: step 253), not the second public key but the first secret key stored in the first storage device 12 in the key management server 10 is used.

THIRD EMBODIMENT

FIG. 30 is a block diagram showing the overall configuration of a cryptographic system according to a third embodiment. The cryptographic system according to the third embodiment differs from the cryptographic system according to the second embodiment shown in FIG. 15 in the contents of data (a database) stored in a first storage device 12 in a key management server 10, the contents of a program stored in a second storage device 13 in the key management server 10, and processing based on programs stored in a first storage device 22 in each of clients 20, 30 . . . .

In the cryptographic system according to the third embodiment, a concept “group” is adopted. Users of the cryptographic system can belong to one or a plurality of groups. Of course, the users who do not belong to any of the groups may, in some cases, exist. The cryptographic system according to the third embodiment is characterized in that the key management server 10 and the clients 20, 30 . . . are controlled such that the particular user can decipher enciphered data generated by the other user who utilizes the cryptographic system, and the key management server 10 and the clients 20, 30 . . . are controlled such that the other user belonging to the same group as the group to which the user who has generated the enciphered data belongs can decipher the enciphered data.

Each of second storage devices 26, 36 . . . in the clients 20, 30 . . . stores an ID and a second secret key (inherent data), and a first public key, as in the second embodiment (see FIG. 16a and FIG. 16b). The ID and the second secret key differ for each of the clients 20, 30 . . . . The first public key (a first public key OP1) is common to all the clients 20, 30 . . . .

FIG. 31 illustrates the contents of the first storage device 12 in the key management server 10. The first storage device 12 in the key management server 10 stores a first management database 15B, a pair of a first public key and a first secret key, and a second management database 16. The first management database 15B differs from the management database 15A in the second embodiment (FIG. 17) in that a registration group 1, a registration group 2, a registration group 3 . . . are added.

Each of the “registration group 1”, the “registration group 2”, the “registration group 3” . . . stores a group ID for identifying a group to which a user of the cryptographic system belongs. For example, three group IDs “G1”, “G2”, “G3” are registered in management data related to a user having an ID “001” (a user A). This means that the user having the ID “001” (the user A) belongs to groups (a group “G1”, a group “G2”, and a group “G3”) respectively specified by the group IDs G1, G2, and G3. Similarly, the group ID “G2” is registered in management data related to a user having an ID “002” (a user B). It is found that the user having the ID “002” (the user B) belongs to the group “G2”.

The second management database 16 includes a “group ID” and a “group key” (second management data).

The “group ID” is for identifying a group, as described above, and is an identification code having a one-to-one correspondence with the group.

The “group key” is random number data given for each of the groups. The group key is used for enciphering a session key and deciphering the enciphered session key, as described later.

FIG. 32 is a flow chart showing the flow of processing based on a first management data creation program stored in the second storage device 13 in the key management server 10. The same processing (steps) as that based on the management data creation program in the first embodiment (FIG. 5) is assigned the same reference numeral and hence, the overlapped description is omitted.

In the processing based on the first management data creation program, the group ID is registered (step 107) in addition to the registration of a decryption object ID (step 105) (which is the same as that in the first embodiment). A manager of the key management server 10 registers the group ID for specifying the group to which the user belongs in a group ID column in management data. Of course, the step 107 is skipped if the user does not belong to any of the groups.

FIG. 33 is a flow chart showing the flow of processing based on a second management data creation program stored in the second storage device 13 in the key management server 10. When the manager of the key management server 10 enters an instruction to start the second management data creation program from an input device, the second management data creation program is read out of the second storage device 13 in the key management server 10, and is read in a CPU. The second management data creation program is executed.

The manager of the key management server 10 enters the name or the like (group information) of a group (a department, a section, a team, etc.) provided in an organization or the like to which the user who utilizes the cryptographic system belongs from the input device in the key management server 10 (step 281). When the entry of the group information is completed, an ID is assigned to the group. The assigned group ID is registered in a group ID column in the second management database 16 (step 282).

A random number is generated. The generated random number is registered in a group key column as a group key corresponding to the registered group ID (step 283). When group IDs and group keys related to a plurality of groups are registered, the above-mentioned processing is repeated (NO in step 284, step 281). When the entry of data related to all the groups is terminated, the second management database 16 is completed (YES in step 284).

FIG. 34 is a flow chart showing the flow of processing based on an enciphered file creation program stored in the first storage device in the client. FIG. 35 is a flow chart showing the flow of processing based on an enciphered file processing program executed in the key management server 10 in response to the execution of the enciphered file creation program in the client. FIG. 36 shows by a block diagram processing performed by the client 20 and the key management server 10 in enciphered file creating processing shown in FIGS. 34 and 35 in a case where processing using the group key is performed. FIG. 37 illustrates the enciphered file creating processing shown in FIGS. 34 and 35 in a case where the processing using the group key is performed by giving attention to the flow of keys. The processing based on the enciphered file creation program shown in FIG. 34 includes the same processing as that in the flow chart shown in FIG. 21 in the second embodiment and hence, the same processing steps are assigned the same reference numerals, to avoid the overlapped detailed description. The processing based on the enciphered file processing program shown in FIG. 35 includes the same processing as that in the flow chart shown in FIG. 22 in the second embodiment and hence, the same processing steps are assigned the same reference numerals, to avoid the overlapped description. Operations performed by the client 20 (a computer of the user A) will be taken as an example.

An ID “001” in inherent data 25A in the client 20 (an ID of a user who will create an enciphered file: a creator ID) and a first enciphered session key obtained by enciphering a session key with a second secret key S2-1 are transmitted to the key management server 10 from the client 20 (FIG. 34: step 244). In the key management server 10, the first enciphered session key is deciphered with a second public key OP2-1 in management data related to the creator (the user A) on the basis of the received creator ID (step 253), and the obtained session key is enciphered with an inherent key SK1 in the management data. A second enciphered session key is obtained (step 254).

It is judged whether or not a group ID is registered in a group ID registration column in the management data related to the user who will create the enciphered file (step 293).

When the group ID is not registered in the group ID registration column (NO in step 293, for example, a user having an ID “004”), the same processing as that in the second embodiment is performed. That is, a third enciphered session key obtained by enciphering the second enciphered session key with the second public key is transmitted to the client 20 from the key management server 10 (steps 255 and 256). Thereafter, in the client, the third enciphered session key is deciphered with the second secret key, plaintext data is enciphered with the session key, and an enciphered file having the creator ID and the second enciphered session key added thereto as header information in enciphered data is created (FIG. 34: steps 245 to 249).

When the group ID is registered in the group ID registration column (YES in step 293), the second management database 16 is referred to, and a group key corresponding to the group ID is used, to encipher the session key (step 294). A key obtained by enciphering the session key with the group key in the key management server 10 is hereinafter referred to as a “group enciphered session key”. In the key management server 10, a second enciphered session key and a group enciphered session key are generated.

When the plurality of group IDs are registered in the group ID registration column, the group key corresponding to each of the group IDs is used, so that the same number of group enciphered session keys as the number of registered group IDs are generated (NO in step 295, step 294).

When the generation of the group enciphered session key is terminated (YES in step 295), the second public key OP2-1 is used, to encipher the group ID, the second enciphered session key, and the group enciphered session key (hereinafter referred to as a fifth enciphered session key) (step 296). The generated fifth enciphered session key is transmitted to the client 20 from the key management server 10 (step 297).

In the client 20 which has received the fifth enciphered session key, the second secret key S2-1 in the inherent data 25A is used, to decipher the fifth enciphered session key (step 291). A group ID, a second enciphered session key, and a group enciphered session key are obtained.

The session key is used so that the enciphered data is created from the plaintext data (step 248). An enciphered file including the creator ID, the group ID, the second enciphered session key, and the group enciphered session key is created as header information in the created enciphered data (step 292, see FIG. 37).

FIG. 38 is a flow chart showing the flow of processing based on a decryption program stored in the first storage device in the client. FIG. 39 is a flow chart showing the flow of processing based on a deciphering processing program executed in the key management server 10. FIG. 40 shows by a block diagram processing performed by the client 30 and the key management server 10 in processing for deciphering the enciphered file including the group enciphered session key. FIG. 41 illustrates the processing for deciphering the enciphered file including the group enciphered session key by giving attention to transmission/receiving of keys. Although the processing based on the decryption program shown in FIG. 38 is the same as that in the flow chart shown in FIG. 25 in the second embodiment, it is inserted again in order to make the description easy to understand. The processing based on the deciphering processing program shown in FIG. 39 includes the same processing as that in the flow chart shown in FIG. 26 in the second embodiment and hence, the same processing steps are assigned the same reference numerals, to avoid the overlapped description. When the group ID and the group enciphered session key are not included in the header information in the enciphered file to be deciphered, the same processing as that in the second embodiment is performed. Therefore, description is herein made of the processing for deciphering the enciphered file including the group ID and the group enciphered session key in the header information.

When the group ID is registered in the management data related to the creator of the enciphered file, as described above, the header information in the enciphered file, together with the creator ID and the second enciphered session key, includes the group ID and the group enciphered session key (FIG. 34: step 292). When a decryptor (which is taken as the user B) enters an enciphered file to be deciphered (step 261), the decryption program enciphers the header information in the entered enciphered file with a second secret key S2-2 in inherent data 35B stored in the second storage device 36 (generation of an enciphered parameter) in the client 30 (step 262). The generated enciphered parameter and an ID of the decryptor (the ID “002” of the user B) in the inherent data 35B are transmitted to the key management server 10 from the client 30 (step 263).

In the key management server 10, the received enciphered parameter is deciphered with a second public key (a second public key OP2-2 in the case of the user B having the ID “002”) in management data related to the decryptor. A creator ID, a second enciphered session key, a group ID, and a group enciphered session key are obtained (step 273).

It is judged whether or not the obtained creator ID is registered as a decryption object ID in the management data related to the decryptor (step 274). If the same ID as the creator ID is registered as the decryption object ID in the management data, enciphered data included in an enciphered file is deciphered in the client 30 by the same processing as that in the second embodiment (YES in step 274, steps 275 to 277, FIG. 38: steps 264 to 267).

When the obtained creator ID is not registered as the decryption object ID in the management data related to the decryptor (NO in step 274), it is then judged whether or not the obtained group ID is registered in the management data related to the decryptor (step 301). That is, it is judged whether or not the decryptor belongs to the group to which the creator of the enciphered file to be deciphered belongs.

In a case where the decryptor belongs to the same group as that to which the creator of the enciphered file belongs (a case where the obtained group ID is registered in the management data related to the decryptor), the second management database 16 is referred to, so that a group key corresponding to the group ID is read out. The read group key is used, to decipher the group enciphered session key (step 302). A session key is obtained.

Processing performed after the session key is obtained is the same as that in the second embodiment. That is, the obtained session key is enciphered with the second public key OP2-2 for the decryptor (generation of a fourth enciphered session key) (step 276), and the fourth enciphered session key is transmitted to the client 30 from the key management server 10 (step 277). In the client 30 which has received the fourth enciphered session key, the fourth enciphered session key is deciphered with the second secret key S2-2 (step 266), and the enciphered data included in the enciphered file is deciphered with the obtained session key (step 267).

In a case where the obtained creator ID is not registered as the decryption object ID in the management data, and the obtained group ID is not also registered in the management data, an undecipherable flag (FD) is transmitted to the client from the key management server 10 (step 279).

In the third embodiment, authorization to decipher the enciphered file is thus further given to the other user belonging to the same group as the group to which the user who has created the enciphered file belongs. For example, in a case where the decryption authorization is given to users belonging to the same section, the same department, and so on in a company or the like, authorization processing using the group ID can be made use of.

Although in the above-mentioned embodiment (the third embodiment), the decryption object ID and the group ID can be registered in the management data, it goes without saying that only the group ID may be registered. In this case, only when the decryptor belongs to the same group as the creator of the enciphered file, the decryptor is authorized to decipher the enciphered file.

FOURTH EMBODIMENT

Authorization to decipher an enciphered file may be given to a user designated and/or a group designated when a creator of the enciphered file creates the enciphered file in addition to a user who specified a decryption object ID and a user belonging to the same group as that to which the creator of the enciphered file belongs. A cryptographic system according to a fourth embodiment is characterized in that a key management server 10 and clients 20, 30 . . . are controlled such that authorization to decipher an enciphered file created by a creator is also given to a user designated by the creator of the enciphered file (a designated decryptor) (a designated deciphering person) and/or a group designated by the creator of the enciphered file (a designated deciphering group).

FIG. 42 is a block diagram showing the overall configuration of the cryptographic system according to the fourth embodiment. The cryptographic system according to the fourth embodiment differs from the cryptographic system according to the third embodiment (FIG. 30) in the contents of data and processing based on programs stored in a first storage device 12 and a second storage device 13 in the key management server 10 and the contents of processing based on programs stored in first storage devices 22, 32, . . . in the clients 20, 30 . . . .

Each of second storage devices 26, 36 . . . in the clients 20, 30 . . . stores an ID and a second secret key (inherent data), and a first public key, as in the second embodiment (see FIG. 16). The ID and the second secret key differ for each of the clients 20, 30 . . . . The first public key (a first public key OP1) is common to all the clients 20, 30 . . . .

FIG. 43 illustrates a first management database 15C provided in the first storage device 12 in the key management server 10. Also in the fourth embodiment, the first storage device 12 in the key management server 10 is provided with the first management database 15C and a second management database 16. The fourth embodiment differs from the third embodiment in the contents of the first management database 15C. The first management database 15C differs from the management database 15B in the third embodiment in that each of management data is provided with two inherent keys. The two inherent keys are hereinafter referred to as a “first inherent key” and a “second inherent key”.

Both the first inherent key and the second inherent key are random numbers generated on the basis of a first management data creation program (see FIG. 32) stored in the first storage device 12 in the key management server 10. Two random numbers are generated in processing based on a first management data creation program, and are respectively registered as the first inherent key and the second inherent key in the management data.

FIG. 44 is a flow chart showing the flow of processing based on an enciphered file creation program in the fourth embodiment. The same processing steps as those based on the enciphered file creation program in the third embodiment (FIG. 34) are assigned the same reference numerals and hence, the overlapped description is avoided. FIG. 45 is a flow chart showing the flow of processing based on an enciphered file processing program. The same processing steps as those based on an enciphered file processing program in the third embodiment (FIG. 35) are assigned the same reference numerals and hence, the overlapped description is avoided. FIG. 46 shows by a block diagram processing performed by the client 20 and the key management server 10 in enciphered file creating processing in a case where a person who is authorized to perform decryption is designated in the processing shown in FIGS. 44 and 45. FIG. 47 shows by a block diagram processing performed by the client 20 and the key management server 10 in the enciphered file creation processing in a case where a group who is authorized to perform decryption is designated in the processing shown in FIGS. 44 and 45. In the following description, the processing performed by the client 20 will be taken as an example on the assumption that the enciphered file creating processing using a group key is performed.

Plaintext data is entered in the client 20, a random number (a session key) is generated, and the generated session key is enciphered with a second secret key S2-1 in inherent data 25A (generation of a first enciphered session key) (steps 241 to 243).

A display screen for asking a user who should create an enciphered file (here, a user A) whether or not a user who is authorized to perform decryption (referred to as a designated decryptor) and/or a group who is authorized to perform decryption (hereinafter referred to as a designated deciphering group) should be designated is displayed on a display screen of the client 20.

When neither of the user who is authorized to perform decryption and the group who is authorized to perform decryption is designated (NO in step 311), the same processing as that in the third embodiment is performed. That is, a creator ID (an ID “001” of the user A) and a first enciphered session key are transmitted to the key management server 10 from the client 20 (step 244). In the key management server 10, the first enciphered session key is deciphered with a second public key OP2-1 (step 253), and an obtained session key is enciphered with a first inherent key SK1-1 for the creator (generation of a second enciphered session key: step 327). Further, a group key for a group to which the creator belongs is used, to encipher the session key (generation of a group enciphered session key: step 328). The second enciphered session key, the group ID, the group enciphered session key are enciphered with the second public key OP2-1 (generation of a fifth enciphered session key: step 296). The fifth enciphered session key is transmitted to the client 20 from the key management server 10 (step 297). In the client 20 which has received the fifth enciphered session key, the fifth enciphered session key is deciphered with the second secret key S2-1, and an enciphered file having the creator ID, the group ID, the second enciphered session key, and the group enciphered session key added thereto as header information in enciphered data obtained by enciphering the plaintext data with the session key is created (FIG. 44: steps 291, 248, and 292).

When either one of the user who is authorized to perform decryption and the group who is authorized to perform decryption is designated (YES in step 311), data for requesting an ID table is transmitted to the key management server 10 from the client 20 (step 312). The key management server 10 transmits, when it receives the data for requesting the ID table, data representing the ID table on which a user name, a user ID, a group name to which a user belongs, and a group ID, etc. are described to the client 20. The ID table (a table on which the user name, the user ID, the group name to which the user belongs, and the group ID, etc. are described) is displayed on the display screen of the client 20 which has received the data representing the ID table.

In the cryptographic system according to the fourth embodiment, a user having a decryption object ID registered in management data related to a creator of an enciphered file and a user belonging to a group specified by a group ID registered in the management data related to the creator of the enciphered file are authorized to decipher the enciphered file, as in the third embodiment. Further, in the cryptographic system according to the fourth embodiment, a user and/or a group designated by the creator of the enciphered file are/is authorized to decipher the enciphered file. Referring to the ID table displayed on the display screen, the user (the user A) who creates the enciphered file designates the user who is authorized to perform decryption (the designated decryptor) and/or the group who is authorized to decipher the enciphered file (step 314). Of course, the user having the decryption object ID registered in the management data and the user belonging to the group specified by the group ID registered in the management data are originally authorized to decipher the enciphered file. Therefore, the user (the designated decryptor) or the group (the designated deciphering group) designated herein will be a user or a group which is not registered in the management data.

An ID “001” (a creator ID) of the user who creates the enciphered file, the first enciphered session key, and a designated decryptor ID/designated group ID are transmitted to the key management server 10 from the client 20 (step 315).

In the key management server 10, when the designated decryptor ID and the designated group ID are included in the data transmitted from the client (YES in step 322), the procedure proceeds to the following processing.

The session key is enciphered with the second inherent key for a user specified by the creator ID (a second inherent key SK2-1 in the case of the user A) (step 323). A second session key is generated.

The session key is enciphered with the group key for the group to which the user specified by the creator ID belongs (step 324). A group enciphered session key is generated.

Furthermore, the session key is enciphered with the second inherent key for the user specified by the designated decryptor ID (which is referred to as a sixth enciphered session key) (step 325).

Furthermore, the session key is enciphered with a group key for the group specified by the designated group ID (which is referred to as a designated group enciphered session key) (step 326).

The second enciphered session key, the group enciphered session key, the sixth enciphered session key, the designated group enciphered session key, the group ID, the designated decryptor ID, and the designated group ID are enciphered with the second public key OP2-1 (which is referred to as a seventh enciphered session key) (step 329). The seventh enciphered session key is transmitted to the client 20 from the key management server 10 (step 330).

In the client 20, the seventh enciphered session key is deciphered with the second secret key S2-1 (step 316). An enciphered file having the second enciphered session key, the group enciphered session key, the sixth enciphered session key, the designated group enciphered session key, the creator ID, the group ID, the designated decryptor ID, and the designated group ID added thereto as header information in enciphered data obtained by enciphering plaintext data is created (step 317).

FIG. 48 is a flow chart showing the flow of processing based on a decryption program stored in the first storage device in the client. FIG. 49 is a flow chart showing the flow of processing based on a deciphering processing program executed in the key management server 10. FIG. 50 is a block diagram showing processing performed by the client 30 and the key management server 10 in processing for deciphering an enciphered file including a designated decryptor ID. FIG. 51 is a block diagram showing processing performed by the client 30 and the key management server 10 in processing for deciphering an enciphered file including a designated group ID. Although the processing based on the decryption program shown in FIG. 48 is the same as that in the flow chart shown in FIG. 25 in the second embodiment, it is inserted again in order to make the description easy to understand. The processing shown in FIG. 49 includes the same processing as that in the flow chart shown in FIG. 39 in the third embodiment and hence, the same processing steps are assigned the same reference numerals, to avoid the overlapped description.

The enciphered file is entered in the client (step 261), and header information is enciphered with the second secret key (generation of an enciphered parameter: step 262). An ID of a decryptor and the enciphered parameter are transmitted to the key management server 10 from the client (step 263).

In the key management server 10 which has received the decryptor ID and the enciphered parameter, the enciphered parameter is deciphered with the second public key for the decryptor. The second enciphered session key, the group enciphered session key, the sixth enciphered session key, the designated group enciphered session key, the creator ID, the group ID, the designated decryptor ID, and the designated group ID are obtained (step 273).

It is judged whether or not the same ID as the obtained creator ID is registered in a decryption object ID column in management data related to the decryptor (step 331).

When the same ID as the creator ID is registered in the management data (YES in step 331), the management data related to the creator of the enciphered file specified by the creator ID is referred to, to decipher the second enciphered session key with the first inherent key or the second inherent key for the creator of the enciphered file (step 332). An obtained session key is enciphered with the second public key for the decryptor (generation of a fourth enciphered session key: step 276), and the fourth enciphered session key is transmitted to the client from the key management server 10 (step 277).

When the creator ID is not registered in the decryption object ID column in the management data related to the decryptor (NO in step 331), it is judged whether or not the same ID as the obtained group ID is registered in the management data related to the decryptor (step 333).

When the same ID as the obtained group ID is registered in the management data related to the decryptor (YES in step 333), the second management database 16 is referred to, and a group key corresponding to the group ID is used, to decipher the group enciphered session key. A session key is obtained (step 334). The obtained session key is enciphered with the second public key for the decryptor (generation of a fourth enciphered session key: step 276), and the fourth enciphered session key is transmitted to the client from the key management server 10 (step 277).

When the same ID as the obtained group ID is not registered in the management data related to the decryptor (NO in step 333), it is judged whether or not the same ID as the decryptor ID is included as the designated decryptor ID in the header information (step 335).

When the same ID as the decryptor ID is included as the designated decryptor ID in the header information (YES in step 335), the decryptor is a designated deciphering person whom the creator of the enciphered file authorizes to decipher the enciphered file in the processing for creating the enciphered file. In this case, the sixth enciphered session key is deciphered with the second inherent key for the decryptor (the designated decryptor) (the sixth enciphered session key is enciphered with the second inherent key for the designated decryptor (FIG. 45: step 325)). A session key is obtained. The fourth enciphered session key is transmitted to the client from the key management server 10 (steps 276 and 277).

When the same ID as the decryptor ID is not included in the header information (NO in step 335), it is judged whether or not a group ID of a group to which the decryptor belongs is included as the designated group ID in the header information (step 337).

When the group ID of the group to which the decryptor belongs is included as the designated group ID in the header information (YES in step 337), the group key corresponding to the group ID is read out of the second management database 16, and a designated group enciphered key is deciphered with the group key (step 338). A session key is obtained. The fourth enciphered session key is transmitted to the client from the key management server 10 (steps 276 and 277).

When the session key has not been obtained yet through the processing (NO in step 337), an undecipherable flag (FD) is transmitted to the client from the key management server 10 (step 279).

In the client which has received the fourth enciphered session key from the key management server 10, the fourth enciphered session key is deciphered with the second secret key in the inherent data (FIG. 48: step 266). A session key is obtained. The enciphered data is deciphered with the obtained session key (step 267).

In the cryptographic system according to the fourth embodiment, authorization to decipher the enciphered file is given with respect to the user or the group designated by the user who creates the enciphered file.

Although in the above-mentioned embodiment (fourth embodiment), the decryption object ID and the group ID are registered in the management data in the first management database 15C, and the decryption authorization is given to the user having the decryption object ID and the user belonging to the group specified by the registered group ID, it goes without saying that the registrations (the decryption object ID and the group ID) need not necessarily be performed. In this case, the decryption authorization is given only to a user designated (a designated decryptor) and/or a group designated (a designated group) by the creator of the enciphered file.

Furthermore, in the fourth embodiment, the second inherent key is used for generating the second enciphered session key when the designated deciphering person or the designated group is designated, while the first inherent key is used for generating the second enciphered session key when the designated deciphering person or the designated group is not designated (FIG. 45: steps 323 and 327). In the processing based on the deciphering processing program performed by the key management server 10, it can also be judged whether or not there is a designated decryptor or a designated group by judging whether the second enciphered session key is generated using the first inherent key or the second inherent key.
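The server-side authorization cascade of steps 331 to 338 and 279, together with the first/second inherent key selection described in the preceding paragraph, as an added Python example that is not code from the patent. The key wrap is a stand-in built from SHA-256 and HMAC because the text names no cipher; all class, function, user and group names are constructed, the decryptor ID is assumed to be already authenticated, and the re-encipherment under the decryptor's second public key (step 276) is left out.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Optional

UNDECIPHERABLE = "FD"  # flag the server returns in step 279

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def wrap(key: bytes, session_key: bytes) -> bytes:
    """Stand-in key wrap (hash keystream plus HMAC tag); the page names no cipher."""
    nonce = os.urandom(16)
    ks = _stream(_subkey(key, b"enc"), nonce, len(session_key))
    body = bytes(a ^ b for a, b in zip(session_key, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unwrap(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrapped session key failed its integrity check")
    ks = _stream(_subkey(key, b"enc"), nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))

@dataclass
class UserRecord:  # management data for one user in the first management database
    inherent_key_1: bytes = field(default_factory=lambda: os.urandom(32))
    inherent_key_2: bytes = field(default_factory=lambda: os.urandom(32))
    decryption_object_ids: set = field(default_factory=set)
    group_ids: set = field(default_factory=set)

@dataclass
class Header:  # values recovered from the enciphered parameter in step 273
    creator_id: str
    second_enc_sk: bytes
    group_id: Optional[str] = None
    group_enc_sk: Optional[bytes] = None
    designated_decryptor_id: Optional[str] = None
    sixth_enc_sk: Optional[bytes] = None
    designated_group_id: Optional[str] = None
    designated_group_enc_sk: Optional[bytes] = None

def recover_session_key(users, group_keys, decryptor_id, h):
    """Return (branch, session_key); branch is UNDECIPHERABLE when every check fails."""
    me = users[decryptor_id]
    if h.creator_id in me.decryption_object_ids:                      # step 331
        creator = users[h.creator_id]
        designated = h.designated_decryptor_id or h.designated_group_id
        key = creator.inherent_key_2 if designated else creator.inherent_key_1
        return "creator", unwrap(key, h.second_enc_sk)                # step 332
    if h.group_id in me.group_ids:                                    # step 333
        return "group", unwrap(group_keys[h.group_id], h.group_enc_sk)  # step 334
    if h.designated_decryptor_id == decryptor_id:                     # step 335
        return "designated-user", unwrap(me.inherent_key_2, h.sixth_enc_sk)
    if h.designated_group_id in me.group_ids:                         # step 337
        key = group_keys[h.designated_group_id]
        return "designated-group", unwrap(key, h.designated_group_enc_sk)  # step 338
    return UNDECIPHERABLE, None                                       # step 279

def demo():
    """Constructed users and groups; one file created by alice with both designations."""
    users = {
        "alice": UserRecord(group_ids={"g-dev"}),
        "bob": UserRecord(decryption_object_ids={"alice"}),
        "carol": UserRecord(group_ids={"g-dev"}),
        "dave": UserRecord(),
        "erin": UserRecord(group_ids={"g-audit"}),
        "mallory": UserRecord(group_ids={"g-sales"}),
    }
    group_keys = {g: os.urandom(32) for g in ("g-dev", "g-audit", "g-sales")}
    sk = os.urandom(32)
    h = Header(
        creator_id="alice",
        second_enc_sk=wrap(users["alice"].inherent_key_2, sk),  # key 2: designations present
        group_id="g-dev", group_enc_sk=wrap(group_keys["g-dev"], sk),
        designated_decryptor_id="dave",
        sixth_enc_sk=wrap(users["dave"].inherent_key_2, sk),
        designated_group_id="g-audit",
        designated_group_enc_sk=wrap(group_keys["g-audit"], sk),
    )
    out = {}
    for uid in ("bob", "carol", "dave", "erin", "mallory"):
        branch, got = recover_session_key(users, group_keys, uid, h)
        out[uid] = (branch, got == sk)
    return out

if __name__ == "__main__":
    for uid, result in demo().items():
        print(uid, result)
```

Because the checks run in a fixed order, a decryptor who qualifies under several rules is always served by the first matching one, and a user who matches none receives only the FD flag and never a wrapped key.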

1. A cryptographic system in which a key management server comprising a management database for storing, with respect to each of users, an inherent ID, an inherent key, and an inherent public key which are inherent in the user, and a decryption object ID which is an inherent ID of a creator of an enciphered file decipherable by the user, and a client comprising inherent data storing means for storing said inherent ID and an inherent secret key paired with said inherent public key, and session key generating means are connected to each other through a network, wherein said client comprises plaintext data entering means for accepting the entry of plaintext data, first transmitting means for transmitting to the key management server the inherent ID stored in the inherent data storing means when the plaintext data is accepted, enciphered data creating means for generating a session key by said session key generating means, and enciphering the accepted plaintext data with the generated session key, to create enciphered data, enciphered file creating means for deciphering an enciphered inherent key transmitted from the key management server with the inherent secret key stored in the inherent data storing means, to obtain an inherent key, enciphering said session key with the obtained inherent key, to generate a first enciphered session key, and using the inherent ID stored in the inherent data storing means as a creator ID, to add the creator ID and the generated first enciphered session key to the enciphered data, to create an enciphered file, enciphered file entering means for accepting the entry of the enciphered file, second transmitting means for using, when the enciphered file is accepted, the inherent ID stored in the inherent data storing means as a decryptor ID, to transmit to the key management server the decryptor ID, and the creator ID and the first enciphered session key in the accepted enciphered file, and deciphering means for deciphering a second enciphered session key transmitted from said key management server with the inherent secret key stored in the inherent data storing means, to obtain a session key, and deciphering the enciphered data in the accepted enciphered file with the obtained session key, to obtain plaintext data, and said key management server comprises first transmitting means for enciphering the inherent key stored in the management database in correspondence with said inherent ID transmitted from the client with the inherent public key stored in the management database in correspondence with said inherent ID, to generate an enciphered inherent key, and transmitting the generated enciphered inherent key to the client, judging means for judging whether or not the creator ID, together with the decryptor ID, transmitted from the client is stored as a decryption object ID in said management database in correspondence with the decryptor ID transmitted from said client, and second transmitting means for deciphering, when said judging means judges that said creator ID is stored as the decryption object ID in the management database, the first enciphered session key, together with said decryptor ID and said creator ID, transmitted from the client with the inherent key stored in the management database in correspondence with said creator ID, to obtain a session key, enciphering the obtained session key with the inherent public key stored in the management database in correspondence with said decryptor ID, to generate a second enciphered session key, and transmitting the generated second enciphered session key to the client.
2. A cryptographic system in which a key management server comprising a management database for storing, with respect to each of users, an inherent ID, an inherent key, and an inherent public key which are inherent in the user, and a decryption object ID which is an inherent ID of a creator of an enciphered file decipherable by the user, and a client comprising inherent data storing means for storing said inherent ID and an inherent secret key paired with said inherent public key, and session key generating means are connected to each other through a network, wherein said client comprises plaintext data entering means for accepting the entry of plaintext data, enciphered data creating means for generating, when the plaintext data is accepted, a session key by said session key generating means, and enciphering the entered plaintext data with the generated session key, to create enciphered data, first transmitting means for enciphering said session key with the inherent secret key stored in the inherent data storing means, to generate a first enciphered session key, and using the inherent ID stored in said inherent data storing means as a creator ID, to transmit to the key management server the creator ID and the generated first enciphered session key, enciphered file creating means for adding to said enciphered data the creator ID stored in the inherent data storing means and a second enciphered session key transmitted from the key management server, to create an enciphered file, enciphered file entering means for accepting the entry of the enciphered file, second transmitting means for using, when the enciphered file is accepted, the inherent ID stored in the inherent data storing means as a decryptor ID, to transmit to the key management server the decryptor ID, and the creator ID and the second enciphered session key in the accepted enciphered file, and deciphering means for deciphering a third enciphered session key transmitted from said key management server with the inherent secret key stored in the inherent data storing means, to obtain a session key, and deciphering the enciphered data in the accepted enciphered file with the obtained session key, to obtain plaintext data, and said key management server comprises first transmitting means for deciphering the first enciphered session key transmitted from the client with the inherent public key stored in the management database in correspondence with the creator ID, together with said first enciphered session key, transmitted from the client, to obtain a session key, enciphering the obtained session key with the inherent key stored in the management database in correspondence with said creator ID, to generate a second enciphered session key, and transmitting the generated second enciphered session key to the client, judging means for judging whether or not the creator ID, together with said decryptor ID, transmitted from the client is stored as a decryption object ID in said management database in correspondence with the decryptor ID transmitted from the client, and second transmitting means for deciphering, when said judging means judges that said creator ID is stored as the decryption object ID in the management database, the second enciphered session key, together with said decryptor ID and said creator ID, transmitted from the client with the inherent key stored in the management database in correspondence with said creator ID, to obtain a session key, enciphering the obtained session key with the inherent public key stored in the management database in correspondence with said decryptor ID, to generate a third enciphered session key, and transmitting the generated third enciphered session key to the client.
3. A cryptographic system in which a key management server comprising a management database for storing, with respect to each of users, an inherent ID, an inherent key, and an inherent public key which are inherent in the user, and a decryption object ID which is an inherent ID of a creator of an enciphered file decipherable by the user, and common key storing means for storing a pair of a common public key and a common secret key, and a client comprising inherent data storing means for storing said inherent ID and an inherent secret key paired with said inherent public key, common public key storing means for storing said common public key, and session key generating means are connected to each other through a network, wherein said client comprises plaintext data entering means for accepting the entry of plaintext data, enciphered data creating means for generating, when the plaintext data is accepted, a session key by said session key generating means, and enciphering the entered plaintext data with the generated session key, to create enciphered data, first transmitting means for enciphering said session key with the common public key stored in the common public key storing means, to generate a first enciphered session key, and using the inherent ID stored in the inherent data storing means as a creator ID, to transmit to the key management server the creator ID and the generated first enciphered session key, enciphered file creating means for adding to said enciphered data the creator ID stored in the inherent data storing means and a second enciphered session key transmitted from the key management server, to create an enciphered file, enciphered file entering means for accepting the entry of the enciphered file, second transmitting means for using, when the enciphered file is accepted, the inherent ID stored in the inherent data storing means as a decryptor ID, to transmit to the key management server the decryptor ID, and the creator ID and the second enciphered session key in the accepted enciphered file, and deciphering means for deciphering a third enciphered session key transmitted from said key management server with the inherent secret key stored in the inherent data storing means, to obtain a session key, and deciphering the enciphered data in the accepted enciphered file with the obtained session key, to obtain plaintext data, and said key management server comprises first transmitting means for deciphering the first enciphered session key transmitted from the client with the common secret key stored in the common key storing means, to obtain a session key, enciphering the obtained session key with the inherent key stored in the management database in correspondence with the creator ID, together with said first enciphered session key, transmitted from the client, to generate a second enciphered session key, and transmitting the generated second enciphered session key to the client, judging means for judging whether or not the creator ID, together with said decryptor ID, transmitted from the client is stored as a decryption object ID in said management database in correspondence with the decryptor ID transmitted from the client, and second transmitting means for deciphering, when said judging means judges that said creator ID is stored as the decryption object ID in the management database, the second enciphered session key, together with said decryptor ID and said creator ID, transmitted from the client with the inherent key stored in the management database in correspondence with said creator ID, to obtain a session key, enciphering the obtained session key with the inherent public key stored in the management database in correspondence with said decryptor ID, to generate a third enciphered session key, and transmitting the generated third enciphered session key to the client.
4. A cryptographic system in which a key management server comprising a first management database for storing, with respect to each of users, an inherent ID, and an inherent public key which are inherent in the user, and a group ID of a group to which the user belongs, and a second management database for storing, with respect to each of groups, a group ID and a group key which are inherent in the group, and a client comprising inherent data storing means for storing said inherent ID and an inherent secret key paired with said inherent public key, and session key generating means are connected to each other through a network, wherein said client comprises plaintext data entering means for accepting the entry of plaintext data, enciphered data creating means for generating, when the plaintext data is accepted, a session key by said session key generating means, and enciphering the entered plaintext data with the generated session key, to create enciphered data, first transmitting means for enciphering said session key with the inherent secret key stored in the inherent data storing means, to generate a first enciphered session key, and using the inherent ID stored in said inherent data storing means as a creator ID, to transmit to the key management server the creator ID and the generated first enciphered session key, enciphered file creating means for adding to said enciphered data the group ID and a group enciphered session key which are transmitted from the key management server, to create an enciphered file, enciphered file entering means for accepting the entry of the enciphered file, second transmitting means for using, when the enciphered file is accepted, the inherent ID stored in the inherent data storing means as a decryptor ID, to transmit to the key management server the decryptor ID, and the group ID and the group enciphered session key in the accepted enciphered file, and deciphering means for deciphering a second enciphered session key transmitted from said key management server with the inherent secret key stored in the inherent data storing means, to obtain a session key, and deciphering the enciphered data in the accepted enciphered file with the obtained session key, to obtain plaintext data, and said key management server comprises first transmitting means for deciphering the first enciphered session key transmitted from the client with the inherent public key stored in the first management database in correspondence with the creator ID, together with said first enciphered session key, transmitted from the client, to obtain a session key, enciphering the obtained session key with the group key stored in said second management database in correspondence with the group ID stored in the first management database in correspondence with said creator ID, to generate the group enciphered session key, and transmitting the group ID and the generated group enciphered session key to the client, judging means for judging whether or not the group ID, together with said decryptor ID, transmitted from the client is registered in the first management database in correspondence with the decryptor ID transmitted from the client, and second transmitting means for deciphering, when said judging means judges that said group ID is registered in the first management database, the group enciphered session key, together with said decryptor ID and said group ID, transmitted from the client with the group key stored in the second management database in correspondence with said group ID, to obtain a session key, enciphering the obtained session key with the inherent public key stored in the first management database in correspondence with said decryptor ID, to generate a second enciphered session key, and transmitting the generated second enciphered session key to the client.
5. A cryptographic system in which a key management server comprising a management database for storing, with respect to each of users, an inherent ID, an inherent key, and an inherent public key which are inherent in the user, and a client comprising inherent data storing means for storing said inherent ID and an inherent secret key paired with said inherent public key, and session key generating means are connected to each other through a network, wherein said client comprises plaintext data entering means for accepting the entry of plaintext data, enciphered data creating means for generating, when the plaintext data is accepted, a session key by said session key generating means, and enciphering the entered plaintext data with the generated session key, to create enciphered data, decryption authorized user designating means for accepting the designation of a decryption authorized user, first transmitting means for enciphering said session key with the inherent secret key stored in the inherent data storing means, to generate a first enciphered session key, using an inherent ID of the designated decryption authorized user as a designated decryption authorized user ID, and using the inherent ID stored in said inherent data storing means as a creator ID, to transmit to the key management server the designated decryption authorized user ID, the creator ID, and the generated first enciphered session key, enciphered file creating means for adding to the enciphered data the designated decryption authorized user ID and a second enciphered session key transmitted from the key management server, to create an enciphered file, enciphered file entering means for accepting the entry of the enciphered file, second transmitting means for using, when the enciphered file is accepted, the inherent ID stored in the inherent data storing means as a decryptor ID, to transmit to the key management server the decryptor ID, and the designated decryption authorized user ID and the second enciphered session key in the accepted enciphered file, and deciphering means for deciphering a third enciphered session key transmitted from the key management server with the inherent secret key stored in the inherent data storing means, to obtain a session key, and deciphering the enciphered data in the accepted enciphered file with the obtained session key, to obtain plaintext data, and said key management server comprises first transmitting means for deciphering the first enciphered session key transmitted from the client with the inherent public key stored in the management database in correspondence with the creator ID, together with said first enciphered session key, transmitted from the client, to obtain a session key, enciphering the obtained session key with the inherent key stored in the management database in correspondence with the designated decryption authorized user ID, together with said first enciphered session key and said creator ID, transmitted from the client, to generate a second enciphered session key, and transmitting the generated second enciphered session key to the client, judging means for judging whether or not the decryptor ID transmitted from the client is the same as the designated decryption authorized user ID, together with said decryptor ID, transmitted from the client, and second transmitting means for deciphering, when said judging means judges that said decryptor ID is the same as said designated decryption authorized user ID, the second enciphered session key, together with said decryptor ID and said designated decryption authorized user ID, transmitted from the client with the inherent key stored in the management database in correspondence with said decryptor ID, to obtain a session key, enciphering the obtained session key with the inherent public key stored in the management database in correspondence with said decryptor ID, to generate a third enciphered session key, and transmitting the generated third enciphered session key to the client.
6. A cryptographic system in which a key management server comprising a first management database for storing, with respect to each of users, an inherent ID and an inherent public key which are inherent in the user, and a group ID of a group to which the user belongs, and a second management database for storing, with respect to each of groups, a group ID and a group key which are inherent in the group, and a client comprising inherent data storing means for storing said inherent ID and an inherent secret key paired with said inherent public key, and session key generating means are connected to each other through a network, wherein said client comprises plaintext data entering means for accepting the entry of plaintext data, enciphered data creating means for generating, when the plaintext data is accepted, a session key by said session key generating means, and enciphering the entered plaintext data with the generated session key, to create enciphered data, decryption authorized group designating means for accepting the designation of a decryption authorized group, first transmitting means for enciphering said session key with the inherent secret key stored in the inherent data storing means, to generate a first enciphered session key, using a group ID of the designated decryption authorized group as a designated decryption authorized group ID, and using the inherent ID stored in said inherent data storing means as a creator ID, to transmit to the key management server the designated decryption authorized group ID, the creator ID, and the generated first enciphered session key, enciphered file creating means for adding to said enciphered data the designated decryption authorized group ID and a group enciphered session key transmitted from the key management server, to create an enciphered file, enciphered file entering means for accepting the entry of the enciphered file, second transmitting means for using, when the enciphered file is accepted, the inherent ID stored in the inherent data storing means as a decryptor ID, to transmit to the key management server the decryptor ID, and the designated decryption authorized group ID and the group enciphered session key in the accepted enciphered file, and deciphering means for deciphering a second enciphered session key transmitted from the key management server with the inherent secret key stored in the inherent data storing means, to obtain a session key, and deciphering the enciphered data in the accepted enciphered file with the obtained session key, to obtain plaintext data, and said key management server comprises first transmitting means for deciphering the first enciphered session key transmitted from the client with the inherent public key stored in the first management database in correspondence with the creator ID, together with said first enciphered session key, transmitted from the client, to obtain a session key, enciphering the obtained session key with the group key stored in the second management database in correspondence with the designated decryption authorized group ID, together with said first enciphered session key and said creator ID, transmitted from the client, to generate a group enciphered session key, and transmitting the generated group enciphered session key to the client, judging means for judging whether or not the same group ID as the designated decryption authorized group ID transmitted from the client is stored in the first management database in correspondence with the decryptor ID, together with said designated decryption authorized group ID, transmitted from the client, and second transmitting means for deciphering, when said judging means judges that the same group ID as said designated decryption authorized group ID is stored in the first management database, the group enciphered session key, together with said decryptor ID and said designated decryption authorized group ID, transmitted from the client with the group key stored in the second management database in correspondence with said group ID, to obtain a session key, enciphering the obtained session key with the inherent public key stored in the first management database in correspondence with said decryptor ID, to generate a second enciphered session key, and transmitting the generated second enciphered session key to the client.
7. A method of controlling a cryptographic system in which a key management server comprising a management database for storing, with respect to each of users, an inherent ID, an inherent key, and an inherent public key which are inherent in the user, and a decryption object ID which is an inherent ID of a creator of an enciphered file decipherable by the user, and a client comprising inherent data storing means for storing said inherent ID and an inherent secret key paired with said inherent public key, and session key generating means are connected to each other through a network, wherein said client accepts the entry of plaintext data or an enciphered file, the client transmits, when it accepts the plaintext data, the inherent ID stored in the inherent data storing means to the key management server, the key management server which has received the inherent ID enciphers the inherent key stored in the management database in correspondence with the received inherent ID with the inherent public key stored in the management database in correspondence with the inherent ID, to generate an enciphered inherent key, and transmits the generated enciphered inherent key to the client, the client which has received the enciphered inherent key deciphers the received enciphered inherent key with the inherent secret key stored in the inherent data storing means, to obtain an inherent key, generates a session key by the session key generating means, enciphers the accepted plaintext data with the generated session key, to create enciphered data, enciphers said session key with the inherent key, to generate a first enciphered session key, and uses the inherent ID stored in the inherent data storing means as a creator ID, to add the creator ID and the generated first enciphered session key to the enciphered data, to create an enciphered file, the client uses, when it accepts the enciphered file, an inherent ID of a decryptor stored in the inherent data storing means as a decryptor ID, to transmit to the key management server the decryptor ID, and the creator ID and the first enciphered session key in the accepted enciphered file, the key management server which has received the decryptor ID, and the creator ID and the first enciphered session key judges whether or not the received creator ID is stored as a decryption object ID in said management database in correspondence with the received decryptor ID, and deciphers, when the received creator ID is stored as the decryption object ID in the management database, the first enciphered session key with the inherent key stored in the management database in correspondence with said creator ID, to obtain a session key, enciphers the obtained session key with the inherent public key stored in the management database in correspondence with said decryptor ID, to generate a second enciphered session key, and transmits the generated second enciphered session key to the client, and the client which has received the second enciphered session key deciphers the received second enciphered session key with the inherent secret key stored in the inherent data storing means, to obtain a session key, and deciphers the enciphered data in the accepted enciphered file with the obtained session key, to obtain plaintext data.
8. A method of controlling a cryptographic system in which a key management server comprising a management database for storing, with respect to each of users, an inherent ID, an inherent key, and an inherent public key which are inherent in the user, and a decryption object ID which is an inherent ID of a creator of an enciphered file decipherable by the user, and a client comprising inherent data storing means for storing said inherent ID and an inherent secret key paired with said inherent public key, and session key generating means are connected to each other through a network, wherein said client accepts the entry of plaintext data or an enciphered file, the client generates, when it accepts the plaintext data, a session key by said session key generating means, enciphers the entered plaintext data with the generated session key, to create enciphered data, enciphers said session key with the inherent secret key stored in the inherent data storing means, to generate a first enciphered session key, and uses the inherent ID stored in said inherent data storing means as a creator ID, to transmit to the key management server the creator ID and the generated first enciphered session key, the key management server which has received the creator ID and the first enciphered session key deciphers the received first enciphered session key with the inherent public key stored in the management database in correspondence with the received creator ID, to obtain a session key, enciphers the obtained session key with the inherent key stored in the management database in correspondence with the received creator ID, to generate a second enciphered session key, and transmits the generated second enciphered session key to the client, the client which has received the second enciphered session key adds to said enciphered data the creator ID stored in the inherent data storing means and the received second enciphered session key, to create an enciphered file, the client uses, when it accepts the enciphered file, an inherent ID of a decryptor stored in the inherent data storing means as a decryptor ID, to transmit to the key management server the decryptor ID, and the creator ID and the second enciphered session key in the accepted enciphered file, the key management server which has received the decryptor ID, and the creator ID and the second enciphered session key judges whether or not the received creator ID is stored as a decryption object ID in said management database in correspondence with the received decryptor ID, deciphers, when the received creator ID is stored as the decryption object ID in the management database, the second enciphered session key with the inherent key stored in the management database in correspondence with said creator ID, to obtain a session key, enciphers the obtained session key with the inherent public key stored in the management database in correspondence with the received decryptor ID, to generate a third enciphered session key, and transmits the generated third enciphered session key to the client, and the client which has received the third enciphered session key deciphers the received third enciphered session key with the inherent secret key stored in the inherent data storing means, to obtain a session key, and deciphers the enciphered data in the accepted enciphered file with the obtained session key, to obtain plaintext data.
9. A method of controlling a cryptographic system in which a key management server comprising a management database for storing, with respect to each of users, an inherent ID, an inherent key, and an inherent public key which are inherent in the user, and a decryption object ID which is an inherent ID of a creator of an enciphered file decipherable by the user, and common key storing means for storing a pair of a common public key and a common secret key, and a client comprising inherent data storing means for storing said inherent ID and an inherent secret key paired with said inherent public key, common public key storing means for storing said common public key, and session key generating means are connected to each other through a network, wherein said client accepts the entry of plaintext data or an enciphered file, the client generates, when it accepts the plaintext data, a session key by said session key generating means, enciphers the entered plaintext data with the generated session key, to create enciphered data, enciphers said session key with the common public key stored in the common public key storing means, to generate a first enciphered session key, and uses the inherent ID stored in said inherent data storing means as a creator ID, to transmit to the key management server the creator ID and the generated first enciphered session key, the key management server which has received the creator ID and the first enciphered session key deciphers the received first enciphered session key with the common secret key stored in the common key storing means, to obtain a session key, enciphers the obtained session key with the inherent key stored in the management database in correspondence with the received creator ID, to generate a second enciphered session key, and transmits the generated second enciphered session key to the client, the client which has received the second enciphered session key adds to said enciphered data the creator ID stored in the inherent data storing means and the received second enciphered session key, to create an enciphered file, the client uses, when it accepts the enciphered file, an inherent ID of a decryptor stored in the inherent data storing means as a decryptor ID, to transmit to the key management server the decryptor ID, and the creator ID and the second enciphered session key in the accepted enciphered file, the key management server which has received the decryptor ID, and the creator ID and the second enciphered session key judges whether or not the received creator ID is stored as a decryption object ID in said management database in correspondence with the received decryptor ID, deciphers, when the received creator ID is stored as the decryption object ID in the management database, the second enciphered session key with the inherent key stored in the management database in correspondence with said creator ID, to obtain a session key, enciphers the obtained session key with the inherent public key stored in the management database in correspondence with the received decryptor ID, to generate a third enciphered session key, and transmits the generated third enciphered session key to the client, and the client which has received the third enciphered session key deciphers the received third enciphered session key with the inherent secret key stored in the inherent data storing means, to obtain a session key, and deciphers the enciphered data in the accepted enciphered file with the obtained session key, to obtain plaintext data.
10. A method of controlling a cryptographic system in which a key management server comprising a first management database for storing, with respect to each of users, an inherent ID and an inherent public key which are inherent in the user, and a group ID of a group to which the user belongs, and a second management database for storing, with respect to each of groups, a group ID and a group key which are inherent in the group, and a client comprising inherent data storing means for storing said inherent ID and an inherent secret key paired with said inherent public key, and session key generating means are connected to each other through a network, wherein said client accepts the entry of plaintext data or an enciphered file, the client generates, when it accepts the plaintext data, a session key by said session key generating means, enciphers the entered plaintext data with the generated session key, to create enciphered data, enciphers said session key with the inherent secret key stored in the inherent data storing means, to generate a first enciphered session key, and uses the inherent ID stored in said inherent data storing means as a creator ID, to transmit to the key management server the creator ID and the generated first enciphered session key, the key management server which has received the creator ID and the first enciphered session key deciphers the received first enciphered session key with the inherent public key stored in the first management database in correspondence with the received creator ID, to obtain a session key, enciphers the obtained session key with the group key stored in the second management database in correspondence with the group ID stored in the first management database in correspondence with the received creator ID, to generate a group enciphered session key, and transmits said group ID and the generated group enciphered session key to the client, the client which has received the group ID and the group enciphered session key adds to said enciphered data the received group ID and group enciphered session key, to create an enciphered file, the client uses, when it accepts the enciphered file, an inherent ID of a decryptor stored in the inherent data storing means as a decryptor ID, to transmit to the key management server the decryptor ID, and the group ID and the group enciphered session key in the accepted enciphered file, the key management server which has received the decryptor ID, and the group ID and the group enciphered session key judges whether or not the received group ID is registered in the first management database in correspondence with the received decryptor ID, deciphers, when the received group ID is registered in the first management database, the group enciphered session key with the group key stored in the second management database in correspondence with said group ID, to obtain a session key, enciphers the obtained session key with the inherent public key stored in the first management database in correspondence with the decryptor ID, to generate a second enciphered session key, and transmits the generated second enciphered session key to the client, and the client which has received the second enciphered session key deciphers the received second enciphered session key with the inherent secret key stored in the inherent data storing means, to obtain a session key, and deciphers the enciphered data in the accepted enciphered file with the obtained session key, to obtain plaintext data.
11. A method of controlling a cryptographic system in which a key management server comprising a management database for storing, with respect to each of users, an inherent ID, an inherent key, and an inherent public key which are inherent in the user, and a client comprising inherent data storing means for storing said inherent ID and an inherent secret key paired with said inherent public key, and session key generating means are connected to each other through a network, wherein said client accepts the entry of plaintext data or an enciphered file, the client generates, when it accepts the plaintext data, a session key by the session key generating means, enciphers the entered plaintext data with the generated session key, to create enciphered data, enciphers said session key with the inherent secret key stored in the inherent data storing means, to generate a first enciphered session key, accepts the entry of the designation of a decryption authorized user, uses an inherent ID of the designated decryption authorized user as a designated decryption authorized user ID, and uses the inherent ID stored in said inherent data storing means as a creator ID, to transmit to the key management server the designated decryption authorized user ID, the creator ID, and the generated first enciphered session key, the key management server which has received the designated decryption authorized user ID, and the creator ID and the first enciphered session key deciphers the received first enciphered session key with the inherent public key stored in the management database in correspondence with the received creator ID, to obtain a session key, enciphers the obtained session key with the inherent key stored in the management database in correspondence with the received designated decryption authorized user ID, to generate a second enciphered session key, and transmits the generated second enciphered session key to the client, the client which has received the second enciphered session key adds to the enciphered data the designated decryption authorized user ID and the second enciphered session key, to create an enciphered file, the client uses, when it accepts the enciphered file, the inherent ID stored in the inherent data storing means as a decryptor ID, to transmit to the key management server the decryptor ID, and the designated decryption authorized user ID and the second enciphered session key in the accepted enciphered file, the key management server which has received the decryptor ID, and the designated decryption authorized user ID and the second enciphered session key judges whether or not the decryptor ID is the same as the designated decryption authorized user ID, deciphers, when the decryptor ID is the same as the designated decryption authorized user ID, the second enciphered session key with the inherent key stored in the management database in correspondence with the received decryptor ID, to obtain a session key, enciphers the obtained session key with the inherent public key stored in the management database in correspondence with the decryptor ID, to generate a third enciphered session key, and transmits the generated third enciphered session key to the client, and the client which has received the third enciphered session key deciphers the received third enciphered session key with the inherent secret key stored in the inherent data storing means, to obtain a session key, and deciphers the enciphered data in the accepted enciphered file with the obtained session key, to obtain plaintext data.
12. A method of controlling a cryptographic system in which a key management server comprising a first management database for storing, with respect to each of users, an inherent ID and an inherent public key which are inherent in the user, and a group ID of a group to which the user belongs, and a second management database for storing, with respect to each of groups, a group ID and a group key which are inherent in the group, and a client comprising inherent data storing means for storing said inherent ID and an inherent secret key paired with said inherent public key, and session key generating means are connected to each other through a network, wherein said client accepts the entry of plaintext data or an enciphered file, the client generates, when it accepts the plaintext data, a session key by said session key generating means, enciphers the entered plaintext data with the generated session key, to create enciphered data, enciphers said session key with the inherent secret key stored in the inherent data storing means, to generate a first enciphered session key, accepts the entry of the designation of a decryption authorized group, uses a group ID of the designated decryption authorized group as a designated decryption authorized group ID, and uses the inherent ID stored in said inherent data storing means as a creator ID, to transmit to the key management server the designated decryption authorized group ID, the creator ID, and the generated first enciphered session key, the key management server which has received the designated decryption authorized group ID, the creator ID and the first enciphered session key deciphers the received first enciphered session key with the inherent public key stored in the first management database in correspondence with the received creator ID, to obtain a session key, enciphers the obtained session key with the group key stored in the second management database in correspondence with the received designated decryption authorized group ID, to generate a group enciphered session key, and transmits the generated group enciphered session key to the client, the client which has received the group enciphered session key adds to said enciphered data the designated decryption authorized group ID and the received group enciphered session key, to create an enciphered file, the client uses, when it accepts the enciphered file, an inherent ID of a decryptor stored in the inherent data storing means as a decryptor ID, to transmit to the key management server the decryptor ID, and the designated decryption authorized group ID and the group enciphered session key in the accepted enciphered file, the key management server which has received the decryptor ID, and the designated decryption authorized group ID and the group enciphered session key judges whether or not the same group ID as the received designated decryption authorized group ID is stored in the first management database in correspondence with the received decryptor ID, deciphers, when the same group ID as the received designated decryption authorized group ID is stored in the first management database in correspondence with the received decryptor ID, the group enciphered session key with the group key stored in the second management database in correspondence with the group ID, to obtain a session key, enciphers the obtained session key with the inherent public key stored in the first management database in correspondence with the decryptor ID, to generate a second enciphered session key, and transmits the generated second enciphered session key to the client, and the client which has received the second enciphered session key deciphers the received second enciphered session key with the inherent secret key stored in the inherent data storing means, to obtain a session key, and deciphers the enciphered data in the accepted enciphered file with the obtained session key, to obtain plaintext data.
13. A deciphering device connected through a network to a key management server comprising a management database for storing, with respect to each of users, an inherent ID, an inherent key, and an inherent public key which are inherent in the user, and a decryption object ID which is an inherent ID of a creator of an enciphered file decipherable by the user, comprising: inherent data storing means for storing said inherent ID and an inherent secret key paired with said inherent public key; enciphered file entering means for accepting the entry of an enciphered file obtained by adding, to enciphered data obtained by enciphering plaintext data with a session key generated every time the plaintext data is enciphered, a creator ID which is an inherent ID of a creator of said enciphered data, and a first enciphered session key obtained by enciphering said session key with an inherent key for the creator of said enciphered data; transmitting means for transmitting to the key management server a decryptor ID which is the inherent ID stored in the inherent data storing means in said deciphering device, and the creator ID and the first enciphered session key in the accepted enciphered file; receiving means for receiving, from the key management server which has received the decryptor ID, and the creator ID and the first enciphered session key, a second enciphered session key obtained by enciphering a session key obtained by deciphering said first enciphered session key with the inherent key stored in the management database in correspondence with said creator ID with the inherent public key stored in the management database in correspondence with said decryptor ID; and deciphering means for deciphering the received second enciphered session key with the inherent secret key stored in the inherent data storing means, to obtain a session key, and deciphering the enciphered data in the accepted enciphered file with the obtained session key, to obtain plaintext data.
14. A deciphering device connected through a network to a key management server comprising a first management database for storing, with respect to each of users, an inherent ID and an inherent public key which are inherent in the user, and a group ID of a group to which the user belongs, and a second management database for storing, with respect to each of groups, a group ID and a group key which are inherent in the group, comprising: inherent data storing means for storing said inherent ID and an inherent secret key paired with said inherent public key; enciphered file entering means for accepting the entry of an enciphered file obtained by adding, to enciphered data obtained by enciphering plaintext data with a session key generated every time the plaintext data is enciphered, a group ID of the group to which a creator of said enciphered data belongs, and a group enciphered session key obtained by enciphering said session key with a group key corresponding to said group ID; transmitting means for transmitting to the key management server a decryptor ID which is the inherent ID stored in the inherent data storing means in said deciphering device, and the group ID and the group enciphered session key in the accepted enciphered file; receiving means for receiving, from the key management server which has received the decryptor ID, and the group ID and the group enciphered session key, an enciphered session key obtained by enciphering a session key obtained by deciphering the enciphered group session key with the group key stored in the second management database in correspondence with said group ID with the inherent public key stored in the first management database in correspondence with said decryptor ID; and deciphering means for deciphering the received enciphered session key with the inherent secret key stored in the inherent data storing means, to obtain a session key, and deciphering the enciphered data in the accepted enciphered file with the obtained session key, to obtain plaintext data.
15. A deciphering device connected through a network to a key management server comprising a management database for storing, with respect to each of users, an inherent ID, an inherent key, and an inherent public key which are inherent in the user, comprising: inherent data storing means for storing said inherent ID and an inherent secret key paired with said inherent public key; enciphered file entering means for accepting the entry of an enciphered file obtained by adding, to enciphered data obtained by enciphering plaintext data with a session key generated every time the plaintext data is enciphered, a designated decryption authorized user ID which is an inherent ID of a decryption authorized user designated by a creator of said enciphered data, and a first enciphered session key obtained by enciphering said session key with the inherent key stored in the management database in correspondence with said designated decryption authorized user ID; transmitting means for transmitting to the key management server a decryptor ID which is the inherent ID stored in the inherent data storing means in said deciphering device, and the designated decryption authorized user ID and the first enciphered session key in the accepted enciphered file; receiving means for receiving, from the key management server which has received the decryptor ID, and the designated decryption authorized user ID and the second enciphered session key, a second enciphered session key obtained by enciphering a session key obtained by deciphering said first enciphered session key with the inherent key stored in the management database in correspondence with said decryptor ID with the inherent public key stored in the management database in correspondence with said decryptor ID; and deciphering means for deciphering the received second enciphered session key with the inherent secret key stored in the inherent data storing means, to obtain a session key, and deciphering the enciphered data in the accepted enciphered file with the obtained session key, to obtain plaintext data.
16. A deciphering device connected through a network to a key management server comprising a first management database for storing, with respect to each of users, an inherent ID and an inherent public key which are inherent in the user, and a group ID of a group to which the user belongs, and a second management database for storing, with respect to each of groups, a group ID and a group key which are inherent in the group, comprising: inherent data storing means for storing said inherent ID and an inherent secret key paired with said inherent public key; enciphered file entering means for accepting the entry of an enciphered file obtained by adding, to enciphered data obtained by enciphering plaintext data with a session key generated every time the plaintext data is enciphered, a designated decryption authorized group ID which is a group ID of a decryption authorized group designated by a creator of said enciphered data, and a group enciphered session key obtained by enciphering said session key with the group key stored in the second management database in correspondence with said designated decryption authorized group ID; transmitting means for transmitting to the key management server a decryptor ID which is the inherent ID stored in the inherent data storing means in said deciphering device, and the designated decryption authorized group ID and the group enciphered session key in the accepted enciphered file; receiving means for receiving, from the key management server which has received the decryptor ID, and the designated decryption authorized group ID and the group enciphered session key, a second enciphered session key obtained by enciphering a session key obtained by deciphering the group enciphered session key with the group key stored in the second management database in correspondence with said group ID with the inherent public key stored in the first management database in correspondence with said decryptor ID; and deciphering means for deciphering the received second enciphered session key with the inherent secret key stored in the inherent data storing means, to obtain a session key, and deciphering the enciphered data in the accepted enciphered file with the obtained session key, to obtain plaintext data.
17. A program for controlling a deciphering device connected through a network to a key management server comprising a management database for storing, with respect to each of users, an inherent ID, an inherent key, and an inherent public key which are inherent in the user, and a decryption object ID which is an inherent ID of a creator of a decipherable enciphered file, and comprising inherent data storing means for storing said inherent ID and an inherent secret key paired with said inherent public key, the program controlling the deciphering device so as to: accept the entry of an enciphered file obtained by adding, to enciphered data obtained by enciphering plaintext data with a session key generated every time the plaintext data is enciphered, a creator ID which is an inherent ID of a creator of the enciphered data, and a first enciphered session key obtained by enciphering said session key with an inherent key for the creator of said enciphered data; transmit to the key management server a decryptor ID which is the inherent ID stored in the inherent data storing means in said deciphering device, and the creator ID and the first enciphered session key in the accepted enciphered file; and in receiving, from the key management server which has received the decryptor ID, and the creator ID and the first enciphered session key, a second enciphered session key obtained by enciphering a session key obtained by deciphering the first enciphered session key with the inherent key stored in the management database in correspondence with said creator ID with the inherent public key stored in the management database in correspondence with said decryptor ID, decipher the received second enciphered session key with the inherent secret key stored in the inherent data storing means, to obtain a session key, and decipher the enciphered data in the accepted enciphered file with the obtained session key, to obtain plaintext data.
18. A recording medium having the program according to claim 17 recorded thereon.
19. A program for controlling a deciphering device connected through a network to a key management server comprising a first management database for storing, with respect to each of users, an inherent ID and an inherent public key which are inherent in the user, and a group ID of a group to which the user belongs, and a second management database for storing, with respect to each of groups, a group ID and a group key which are inherent in the group, and comprising inherent data storing means for storing said inherent ID and an inherent secret key paired with said inherent public key, the program controlling the deciphering device so as to: accept the entry of an enciphered file obtained by adding, to enciphered data obtained by enciphering plaintext data with a session key generated every time the plaintext data is enciphered, a group ID of the group to which a creator of said enciphered data belongs, and a group enciphered session key obtained by enciphering said session key with a group key corresponding to said group ID; transmit to the key management server a decryptor ID which is the inherent ID stored in the inherent data storing means in said deciphering device, and the group ID and the group enciphered session key in the accepted enciphered file; and in receiving, from the key management server which has received the decryptor ID, and the group ID and the group enciphered session key, an enciphered session key obtained by enciphering a session key obtained by deciphering the group enciphered session key with the group key stored in the second management database in correspondence with said group ID with the inherent public key stored in the first management database in correspondence with said decryptor ID, decipher the received enciphered session key with the inherent secret key stored in the inherent data storing means, to obtain a session key, and decipher the enciphered data in the accepted enciphered file with the obtained session key, to obtain plaintext data.
20. A recording medium having the program according to claim 18 recorded thereon.
21. A program for controlling a deciphering device connected through a network to a key management server comprising a management database for storing, with respect to each of users, an inherent ID, an inherent key, and an inherent public key which are inherent in the user, and comprising inherent data storing means for storing said inherent ID and an inherent secret key paired with said inherent public key, the program controlling the deciphering device so as to: accept the entry of an enciphered file obtained by adding, to enciphered data obtained by enciphering plaintext data with a session key generated every time the plaintext data is enciphered, a designated decryption authorizer ID which is an inherent ID of a decryption authorizer designated by a creator of the enciphered data, and a first enciphered session key obtained by enciphering the session key with the inherent key stored in the management database in correspondence with said designated decryption authorizer ID; transmit to the key management server a decryptor ID which is the inherent ID stored in the inherent data storing means in said deciphering device, and the designated decryption authorized user ID and the first enciphered session key in the accepted enciphered file; and in receiving, from the key management server which has received the decryptor ID, and the designated decryption authorized user ID and the second enciphered session key, a second enciphered session key obtained by enciphering a session key obtained by deciphering the first enciphered session key with the inherent key stored in the management database in correspondence with said decryptor ID with the inherent public key stored in the management database in correspondence with said decryptor ID, decipher the received second enciphered session key with the inherent secret key stored in the inherent data storing means, to obtain a session key, and decipher the enciphered data in the accepted enciphered file with the obtained session key, to obtain plaintext data.
22. A recording medium having the program according to claim 21 recorded thereon.
23. A program for controlling a deciphering device connected through a network to a key management server comprising a first management database for storing, with respect to each of users, an inherent ID and an inherent public key which are inherent in the user, and a group ID of a group to which the user belongs, and a second management database for storing, with respect to each of groups, a group ID and a group key which are inherent in the group, and comprising inherent data storing means for storing said inherent ID and an inherent secret key paired with said inherent public key, the program controlling the deciphering device so as to: accept the entry of an enciphered file obtained by adding, to enciphered data obtained by enciphering plaintext data with a session key generated every time the plaintext data is enciphered, a designated decryption authorized group ID which is a group ID of a decryption authorized group designated by a creator of the enciphered data, and a group enciphered session key obtained by enciphering said session key with the group key stored in the second management database in correspondence with said designated decryption authorized group ID; transmit to the key management server a decryptor ID which is the inherent ID stored in the inherent data storing means in said deciphering device, and the designated decryption authorized group ID and the group enciphered session key in the accepted enciphered file; and in receiving, from the key management server which has received the decryptor ID, and the designated decryption authorized group ID and the group enciphered session key, a second enciphered session key obtained by enciphering a session key obtained by deciphering a group enciphered session key with the group key stored in the second management database in correspondence with said group ID with the inherent public key stored in the first management database in correspondence with said decryptor ID, decipher the received second enciphered session key with the inherent secret key stored in the inherent data storing means, to obtain a session key, and decipher the enciphered data in the accepted enciphered file with the obtained session key, to obtain plaintext data.
24. A recording medium having the program according to claim 23 recorded thereon.
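The decryption path recited in claims 7 and 13 (authorization lookup, unwrap with the creator's inherent key, re-wrap with the decryptor's public key), shown as an added Go example that is not part of the patent text. AES-256-GCM, RSA-OAEP, the user names and every identifier are assumptions, and the first enciphered session key is constructed directly rather than through any of the creation flows in the claims.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// userRecord is one management-database row (field names are illustrative).
type userRecord struct {
	inherentKey   []byte          // symmetric, known only to the server
	publicKey     *rsa.PublicKey  // pairs with the secret key kept on the client
	decryptionIDs map[string]bool // creator IDs this user may decipher
}

type keyServer map[string]*userRecord

var errDenied = errors.New("creator ID is not a decryption object ID of the decryptor")

func check(err error) { // setup-only failures (no entropy, bad key size)
	if err != nil {
		panic(err)
	}
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	_, err := rand.Read(b)
	check(err)
	return b
}

// aead returns AES-256-GCM for a 32-byte key (the cipher is an assumption).
func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// rewrap is the server step: authorize, unwrap with the creator's inherent key, wrap for the decryptor.
func (s keyServer) rewrap(decryptorID, creatorID string, firstEnc []byte) ([]byte, error) {
	dec, creator := s[decryptorID], s[creatorID]
	if dec == nil || creator == nil || !dec.decryptionIDs[creatorID] {
		return nil, errDenied
	}
	gcm, err := aead(creator.inherentKey)
	if err != nil || len(firstEnc) < gcm.NonceSize() {
		return nil, errors.New("malformed first enciphered session key")
	}
	n := gcm.NonceSize()
	sessionKey, err := gcm.Open(nil, firstEnc[:n], firstEnc[n:], nil)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, dec.publicKey, sessionKey, nil)
}

// attempt is the client side: send the IDs and wrapped key, decipher the reply.
func attempt(s keyServer, claimedID string, secret *rsa.PrivateKey, creatorID string, firstEnc, want []byte) string {
	second, err := s.rewrap(claimedID, creatorID, firstEnc)
	if err != nil {
		return "refused by server"
	}
	got, err := rsa.DecryptOAEP(sha256.New(), nil, secret, second, nil)
	if err != nil || string(got) != string(want) {
		return "reply not decipherable"
	}
	return "session key recovered"
}

// demo replays four requests for one constructed first enciphered session key.
func demo() (out [4]string) {
	srv, secret := keyServer{}, map[string]*rsa.PrivateKey{}
	for _, id := range []string{"alice", "bob", "mallory"} { // constructed users
		priv, err := rsa.GenerateKey(rand.Reader, 2048)
		check(err)
		secret[id] = priv // stays on that user's client
		srv[id] = &userRecord{randBytes(32), &priv.PublicKey, map[string]bool{}}
	}
	srv["bob"].decryptionIDs["alice"] = true // bob may decipher alice's files
	sessionKey := randBytes(32)
	gcm, err := aead(srv["alice"].inherentKey)
	check(err)
	nonce := randBytes(gcm.NonceSize())
	firstEnc := gcm.Seal(nonce, nonce, sessionKey, nil) // nonce || ciphertext, as in alice's file
	out[0] = attempt(srv, "bob", secret["bob"], "alice", firstEnc, sessionKey)
	out[1] = attempt(srv, "mallory", secret["mallory"], "alice", firstEnc, sessionKey)
	out[2] = attempt(srv, "bob", secret["mallory"], "alice", firstEnc, sessionKey) // mallory sends bob's ID
	delete(srv["bob"].decryptionIDs, "alice") // authorization changed on the server only
	out[3] = attempt(srv, "bob", secret["bob"], "alice", firstEnc, sessionKey)
	return out
}

func main() { fmt.Println(demo()) }
```

The third outcome is the impersonation case: the server answers a request carrying bob's ID, but the reply is useless without bob's secret key. The fourth shows that removing a decryption object ID on the server withdraws access without touching the enciphered file.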